How do illicit cryptocurrency miners work?
There are two main types of illicit cryptominers:
1. Binary-based – malicious applications downloaded and installed onto a targeted device with the intent to mine cryptocurrency. The majority of these applications are in the form of Trojan horse viruses.
2. Browser-based – malicious JavaScript embedded into a web page or section of a web page, designed to mine cryptocurrency via the browsers of the site’s visitors. This method is dubbed cryptojacking and has become increasingly popular with cybercriminals since mid-2017. ESET detects the majority of cryptojacking scripts as potentially unwanted applications (PUAs).

Why should SMBs care about illicit cryptominers?
30% of UK organizations fell victim to a cryptojacking attack in the previous month, a recent survey among 750 IT executives across the UK has found. These statistics document two things:
- Despite illicit cryptomining posing a threat with seemingly lower severity, organizations should not underestimate the risk it represents. Mining usually hijacks a large portion of the hardware’s processing power, reducing performance and productivity. The power-intensive process causes additional stress to the hardware components and can damage targeted devices, shortening their lifespans.
- Cryptocurrency miners expose vulnerabilities in an organization’s cybersecurity, which can lead to severe compromises and disruptions. Due to their higher and concentrated performance, business infrastructures and networks are a more valuable target than consumer devices, promising the attacker higher earnings within a shorter timeframe.

How to recognise a cryptocurrency mining attack?
Cryptomining and cryptojacking are typically associated with extremely high processor activity, which has noticeable side effects. Watch out for the following:
- Visibly reduced performance and productivity
- Unusual energy consumption
- Suspicious network traffic such as file changes or failed login attempts
On Android devices additional computational load causes:
How to keep your organisation protected from cryptocurrency miners?
- Protect your endpoints, servers and other devices with reliable and multilayered security solutions able to detect potentially unwanted (PUA) cryptomining scripts as well as cryptomining Trojans.
- Implement Intrusion Detection Software (IDS) that helps identify suspicious network patterns and communication potentially tied to illicit cryptocurrency mining (infected domains, outgoing connections on typical mining ports such as 3333, 4444 or 8333, signs of persistence, etc.).
- Increase network visibility by using a remote management console to enforce security policies and monitor system status.
- Train all employees (including top management and network administrators) in how to maintain good cyber-hygiene. Create and use strong passwords, reinforced with two-factor authentication, increasing the protection of company systems in case passwords are leaked or brute forced.
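The mining-port check from the IDS item above can be sketched as a small flow-log filter. This is an added example, not ESET code: the CSV column layout, the internal address ranges, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Ports named in the text as typical for mining traffic.
MINING_PORTS = {3333, 4444, 8333}
# Assumed internal ranges; replace with the organization's own networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = """\
ts,src,dst,dport,proto,duration_s
2024-05-01T09:00:02,10.0.4.17,203.0.113.50,3333,tcp,3580
2024-05-01T10:00:05,10.0.4.17,203.0.113.50,3333,tcp,3592
2024-05-01T11:00:09,10.0.4.17,203.0.113.50,3333,tcp,3601
2024-05-01T09:12:40,10.0.4.22,198.51.100.7,443,tcp,12
2024-05-01T09:15:11,10.0.4.30,10.0.9.5,4444,tcp,4000
2024-05-01T09:20:00,10.0.4.41,198.51.100.9,8333,tcp,4
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_mining_suspects(flow_csv, min_flows=3, min_total_s=3600):
    """Return {(src, dst, port): (flow_count, total_seconds)} for persistent
    internal-to-external sessions on a mining port."""
    stats = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dport"])
        if port not in MINING_PORTS:
            continue
        # Only egress matters here: internal source, external destination.
        if not is_internal(row["src"]) or is_internal(row["dst"]):
            continue
        entry = stats[(row["src"], row["dst"], port)]
        entry[0] += 1
        entry[1] += int(row["duration_s"])
    # A port match alone is weak evidence; require repetition or long sessions.
    return {k: tuple(v) for k, v in stats.items()
            if v[0] >= min_flows or v[1] >= min_total_s}

if __name__ == "__main__":
    for (src, dst, port), (n, secs) in find_mining_suspects(SAMPLE_FLOWS).items():
        print(f"ALERT {src} -> {dst}:{port} flows={n} total={secs}s")
```

Because these ports are also used by legitimate software, hits from a filter like this are leads to correlate with endpoint CPU load and process data rather than verdicts.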
Prevent cryptocurrency mining now
ESET PROTECT Advanced
Get effective protection against cryptocurrency mining with ESET multilayered endpoint security solutions. Detect potentially unwanted (PUA) cryptomining scripts and cryptomining Trojan horses, and benefit from Ransomware Shield, LiveGrid® protection via the cloud, and network attack protection. Combine ESET’s powerful scanning engine with ESET Cloud Administrator (ECA) and gain detailed network visibility.