During 2017, the crypto-currency market grew nearly 20-fold, reportedly increasing from approximately $18 billion to more than $600 billion (USD). Those gains amplified threat actors’ interest in accessing the computing resources of compromised systems to mine crypto-currency. Secureworks® incident response (IR) analysts responded to multiple incidents of unauthorized crypto-currency mining in 2017, and network and host telemetry showed a proliferation of this threat across Secureworks managed security service clients. Financially motivated threat actors will continue to use malware infections to deploy crypto-currency mining software for as long as it remains profitable.
Compared to complete loss of availability caused by ransomware and loss of confidentiality caused by banking trojans or other information stealers, the impact of unauthorized cryptocurrency mining on a host is often viewed as more of a nuisance. However, the cumulative effect of large-scale unauthorized cryptocurrency mining in an enterprise environment can be significant as it consumes computational resources and forces business-critical assets to slow down or stop functioning effectively.
Furthermore, the deployment and persistence of unauthorized crypto-currency mining software in an environment reflect a breakdown of effective technical controls. If activity of this nature can become established and spread laterally within the environment, then more immediately harmful threats such as ransomware could as well. The technical controls used to mitigate the delivery, persistence, and propagation of unauthorized crypto-currency miners are also highly effective against other types of threat.
The full report is available for CDM readers at this link: https://www.secureworks.com/research/cryptocurrency-mining-malware-landscape
About the Author
Mike McLellan, SecureWorks
Mike McLellan is a Senior Security Researcher with the SecureWorks Counter Threat Unit™ (CTU) research team with a focus on understanding and mitigating targeted attacks against SecureWorks’ clients. He has extensive experience in threat intelligence and incident response, having previously established and led the incident response team in the UK’s National Cyber Security Centre. To reach out to Mike and his team, send an email to firstname.lastname@example.org and tell them Cyber Defense Magazine sent you their way.