Cybersecurity experts have observed a surge in illicit cryptocurrency-mining attacks, as interest in the profitable digital markets continues to soar.
Cyber criminals joining the gold rush are increasingly wriggling their way into internet-connected devices or a company’s public cloud system in an effort to mine cryptocurrency undetected and undeterred.
By using hijacked computing power to mine — a practice that uses an intensive level of processing resources to power blockchain transactions — hackers can effectively make their own digital money.
Cyber criminals are especially interested in targeting cloud computing, where they can use the high memory and central processing units (CPU) made available by popular data storage services.
“That is where we are really seeing the rapid increase in these types of attacks in public clouds,” Varun Badhwar, CEO and co-founder of cybersecurity firm RedLock, told The Hill.
“Once I can break in and I can get unauthorized access to somebody’s cloud environment, I can have unfettered access to turn on as many incidences as I want and use that to mine crypto.”
Over the course of just four days, Badhwar said, an organization lost roughly $250,000 after its cloud environment was used to illegally mine cryptocurrencies — a financial loss he described as “par for the course” for the attacks since October, when RedLock first began discovering these attacks.
Several cybersecurity firms warned earlier this year about a growth in such mining attacks, but the attacks have continued to increase in frequency. Prominent companies like Tesla have also made headlines after their systems were compromised.
Justin Fier, a security analyst for cybersecurity firm Darktrace, said he has observed a massive spike over the course of the last four months of unauthorized crypto-mining in his company’s client network — both from outside hackers and his clients’ own employees using company computing power to mine.
An inside job, he said, could be someone with privileged access to computer systems within an organization, like a systems administrator who manages thousands of servers at a data center. This employee could then exploit their insider status by co-opting the computer power at their company's disposal to mine the online currency without proper authorization.
The payout for co-opting devices appears relatively small compared to the financial earnings hackers can get by exploiting cloud services, unless hackers can commandeer a large number of available devices.
Cisco’s Talos security team found the average system producing the cryptocurrency Monero — a digital currency favored by hackers both because of its privacy protections and because its mining community is less dominated by massive computer farms — could produce $0.25 per day, the company said in a January report. If the hackers amassed 2,000 victims, which would not be hard for skilled cyber criminals to do, they could generate $500 per day, or $182,500 per year.
Fier cautioned that it is hard to quantify the exact profitability of an attack because the prices of the digital coins vary across the different exchanges. In the case of one of Fier’s clients, hackers controlling roughly 300 devices for mining made only $3.50 over the course of one day.
With a vast amount of computer power diverted towards mining, companies’ business operations could be brought to a full stop for days or weeks at a time, according to a report released earlier this year by CrowdStrike.
Fier also warns that any device with an IP address can become an “asset,” projecting that hackers will soon seek to harness the power of ordinary internet-connected devices like thermostats, refrigerators, conference room televisions and light bulbs.
“If you look at ransomware two years ago, you can see a very steady progression and see how it’s morphed and adapted and changed. And I think we are going to continue to see that with crypto-mining,” Fier told The Hill.
Gaurav Kumar, the head of RedLock’s Cloud Security Intelligence team, told The Hill that roughly 10 percent of the enterprise cloud systems in their client base have been compromised. He said they expect to see this number to climb upwards as hackers become more sophisticated.
Experts warn that there are not enough organizations monitoring or paying for services to uncover illicit mining, which can also be hard to trace if security experts aren’t actively looking for it.
New lines of attack also emerge regularly for hackers looking to illegally mine cryptocurrency — from botnets to cheaply sold malware that clones popular websites with spam built into them.