The rising popularity of cryptocurrency mining has been profitable not only for those investing in it but also for cybercriminals.
Crypto-mining malware is a serious threat to enterprise CPU power and other resources. In January, Coinjournal.net estimated that 23% of organizations are at risk of having their resources drained by this emerging threat.
The primary targets are media streaming and file sharing services that use extensive CPU and GPU server power that a hacker can exploit.
However, other companies are at risk too. Just recently, the security firm RedLock reported the hack of Tesla’s cloud servers. RedLock found that Tesla was operating under hundreds of open-source systems that could be accessed online without requiring a password. With this, hackers were able to hack Tesla’s Amazon cloud.
While not being a threat to customers’ privacy, cryptocurrency mining malware can cause significant damage to an organization’s IT systems.
The Coinjournal article above points out that the malware can use up to 65% GPU resources. That can mean a significant loss of operational productivity and, consequently, money.
What is Cryptocurrency Mining?
Crypto-mining involves validating transactions and adding encrypted blocks to a blockchain. Cryptocurrency miners solve hashes to establish a valid block connection and then receive rewards, or coins. The more blocks that are mined, the harder it becomes to solve the hash.
The mining process can take years with a basic home computer. To resolve this issue, miners use customized computer hardware to speed the process and form mining pools where several collections of computers work concurrently to calculate the hash.
The more resources in the pool, the better the chance of mining new blocks and collecting more rewards. It is this search for more computing resources that leads miners to exploit networks.
Enterprise Security Risks Of Crypto Malware
Crypto-mining malware poses a severe threat to enterprise security.
In all cases, mining software is very processor-intensive, which means it can slow machines. CPUs running under a high load for an extended period will raise electrical costs and shorten the life of the processors.
Native mining software can access the operating system in much the same way that botnet-delivered malware exploits a machine. The presence of native mining software could mean a device was compromised.
Organizations, primarily enterprises, need to ensure they are using secure cloud solutions. They should choose secure cloud environments with advanced safety systems and hardware-enhanced security.
Hackers are looking to exploit software vulnerabilities to harness the free source of computing power.
Concealed cryptocurrency mining programs are set to operate when CPU cycles aren’t being used, which makes them hard to detect. These programs attempt to disable security software, which leaves your CPUs vulnerable to other attacks. This is why you should take all security steps to block anyone from using your CPU resources.
Protect Your Company’s Systems From Crypto-Mining Malware
It is hard to tell precisely how much cryptocurrency is mined through crypto-mining.
Anything over zero is too much for your enterprise to lose. It is only going to get worse as this exploit is still in its infancy. Hackers view crypto-mining as a fast, cheap, and easy way to profit.
There are a few easy ways you can protect your systems:
Malware Protection Starts With Every Network Device
1. Endpoint security – protect your employees’ browsers.
Protecting the Google Chrome Browser
If your employees primarily use Chrome, you can install Chrome security extensions to block crypto-mining within the browser.
No Coin is a free extension and can be a safe and reliable method to control how a website interacts with Chrome. The way it works is that as soon as you visit a site, No Coin detects and displays any crypto-mining activity. You will be notified with a red symbol if the extension detects “coin mining malware” on the page.
Another useful extension you can add for Chrome is minerBlock.
Similar to No Coin, minerBlock displays a red notification icon on the upper right-hand side of the browser in the address bar that notifies you of suspicious activity.
Opera Malware Settings With NoCoin
Opera comes with a built-in setting to block crypto-mining activity. Just go to your Settings in Windows or Preferences in macOS > Basic > Block ads and then go to the Recommended lists and check the NoCoin (Cryptocurrency Malware Protection) checkbox.
NoScript in Firefox
For you Mozilla Firefox fans out there, you can add JavaScript-blocking extensions such as NoScript.
Be cautious with this one as it is aggressive and might break connections with websites you try to visit as it will disable all scripts running on the page.
2. Block crypto-mining domains
A manual and not too intrusive method of blocking specific domains is to edit the hosts file and redirect them to 0.0.0.0.
You can do this in both Windows and Linux. For Windows, you will have to go to:
C:\Windows\System32\drivers….
and edit the hosts file to add 0.0.0.0 coin-hive.com to the end.
In Linux, open the hosts file by running this command: sudo nano /etc/hosts and add 0.0.0.0 coin-hive.com to the end.
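The manual edit above can be scripted so that it is repeatable across machines. The following is an added example, not part of the original article: it validates each name, keeps a backup, and appends the 0.0.0.0 entry only if it is not already present. The function names, the HOSTS_FILE variable and the script name are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): sinkhole mining domains in a
# hosts file without duplicating entries. HOSTS_FILE defaults to /etc/hosts;
# point it at a copy to try the script without root.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# is_blocked DOMAIN: succeed if an active line maps DOMAIN to 0.0.0.0.
is_blocked() {
    awk -v d="$1" '
        { sub(/#.*/, "") }          # ignore comments, including trailing ones
        $1 == "0.0.0.0" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(d)) found = 1
        }
        END { exit !found }
    ' "$HOSTS_FILE"
}

# block_domain DOMAIN: validate the name, then append "0.0.0.0 DOMAIN" once.
block_domain() {
    domain=$1
    # Accept only plain hostnames so a malformed blocklist entry cannot
    # smuggle spaces, newlines or extra fields into the hosts file.
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*)
            echo "skipping invalid name: $domain" >&2
            return 2 ;;
    esac
    is_blocked "$domain" && return 0       # already sinkholed
    # Keep a single backup of the file as it was before the first change.
    [ -e "$HOSTS_FILE.bak" ] || cp -p "$HOSTS_FILE" "$HOSTS_FILE.bak" || return 1
    # Add a newline first if the last line of the file is unterminated.
    [ -z "$(tail -c 1 "$HOSTS_FILE")" ] || printf '\n' >> "$HOSTS_FILE"
    printf '0.0.0.0 %s\n' "$domain" >> "$HOSTS_FILE"
}

# Block every domain named on the command line, e.g.:
#   sudo sh block-miners.sh coin-hive.com
for d in "$@"; do
    block_domain "$d"
done
```

Running it a second time with the same domain leaves the file unchanged, so it is safe to rerun from a configuration-management job.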
3. Reinforce mobile security policies
With viruses and malware often coming from employees’ mobile devices, you may want to reevaluate your current mobile security policies.
Ensure your employees are using protected devices when accessing the company network remotely. Organize security training programs to warn them about the threat and educate them about best practices.
Conclusion: Crypto-Mining Malware
As a relatively new threat, crypto-mining malware is bringing new risks for enterprises. Your systems are vulnerable unless you take preventative measures.
Implement best practices that can minimize the risk of infection.
Protection starts at the workstation level by adding a few browser extensions or making a couple of selections in your browser settings.
The more proactively you protect your physical machines and your networks, the less vulnerable you are to security exploits that can cause damage to your data or hardware.