What is illicit cryptomining (and how do I stop it)?

Cryptocurrency tends to be overlooked by most organisations – unless they receive a ransomware demand to be paid in Bitcoin. However, there is a growing interest in virtual currencies and the promise of getting rich quick has helped to create a new branch of cybercrime – illicit cryptomining.

What is cryptomining?

Unlike traditional fiat currencies which are overseen by national banks, cryptocurrencies operate a distributed ledger. To operate, transactions on the distributed ledger (blockchain) must be validated by network users.

This decentralisation increases trust in the system, maintains the accuracy of the blockchain and ensures that payments are validated and completed. Decentralisation also ensures that the computer processing required is spread between network users which perform the necessary ‘hashing’ operations.

This hashing is also known as cryptomining because network users are rewarded with currency in return for their efforts. The more hashes a user can complete, the greater their potential income.

Stealing computer power

To acquire more processing power, criminals have developed malware to perform cryptomining remotely. Once infected, a compromised computer can then be used as part of a distributed network to perform mining activities – and to generate earnings for the hacker.

Why does illicit cryptomining matter?

Unlike other forms of malware, cryptominers do not typically steal sensitive data. However, the malware is designed to extract maximum performance from infected systems, stealing CPU cycles that should be directed towards your mission-critical operations.

Infected systems tend to become slow and unresponsive. And the additional processing load and generated heat can significantly reduce hardware lifespans. These are unintentional consequences of illicit cryptomining malware – but they are costly and disruptive.

How can I protect against illicit cryptominers?

1. Install endpoint security

Every endpoint (PC, server, notebook, smartphone) needs to be protected by a multilayer security system. These tools can detect – and remove – unwanted applications and trojans like cryptominers.

2. Use Intrusion Detection Software

IDS systems will monitor traffic to automatically identify suspicious activity. Using a built-in directory of known exploits, an IDS will block traffic to infected domains, block outgoing connections on typical cryptomining ports such as 3333, 4444 or 8333 and highlight signs of persistence for further investigation.

3. Increase network visibility

A remote management console allows your network security team to enforce policies and monitor system status across all devices wherever they are located. This provides additional protection for your systems and users in the age of work-from-home.

4. Increase employee knowledge and skills

Your employees remain an important resource in the fight against cybercrime. Training all of your staff (not just the IT engineers) in maintaining good cyber hygiene will be instrumental in preventing malware infections. Asking employees to create and use strong passwords, applying two-factor authentication systems, and increasing the protection of company systems will help to reduce the risk of leaked passwords or brute force attacks.

To learn more about illicit cryptomining – and how to better protect yourself against it – please give the WTL team a call .

Scroll to Top