WHAT IS CRYPTO-MINING
Crypto-mining is an act of mining crypto-currency to yield financial benefits. Crypto-currency is virtual money that is distributed over cyberspace and doesn’t have backing of financial institutions. For this reason, its record keeping is maintained through distributed ledger rendering it tamper proof. Its value is derived by uncovering or creating the coins by solving complex mathematical algorithms contained in the ledger, a process known as crypto-mining.
Some popular crypto currencies are Bitcoin, Ethereum and Monero.
CRYPTO-MINING PROCESS & TECHNIQUES
Crypto-mining is a specialized job which requires high performance computing rigs – these days powered by Graphical Processing Unit (GPU) cores – to fulfil extraordinary computing requirements. The rationale behind concealing this currency behind convoluted algorithms is to elevate mining intricacy to a level that makes it extremely difficult to uncover, thereby, increasing its worth and value, and consequently making it feasible only for a small number of miners who can afford and sustain such demanding computing stations. But this uphill task hasn’t deterred small time players to jump onto the bandwagon who realize financial gains are plentiful. Such mining jobs are also power intensive, and the operators must keep electrical costs in mind by weighing power bills incurred against profits earned. If the miner can find a nice equilibrium, windfall profits can be reaped, especially since the value and trade of crypto-currency took off and hit all time high in 2018.
ILLIEGAL MINING THROUGH POOL-BASED METHOD
The lucrative business of crypto-mining has also brought malicious crypto-miners to fore who have been intimidated by stringent checks and blockages on traditional cybercrime activities by sophisticated endpoint solutions. And even though crypto-mining entails expensive set-up and recurring energy costs, it hasn’t deterred malicious actors who have found an innovative solution – pool based crypto-mining. If the mining process can be diverted to machines of unsuspecting users, their computing power could be harnessed. In effect, this process pools resources of multiple users into a single resource. This is also the perfect routine, since the illegal crypto-miner is usually not stealing any information or locking the host out, but only tacitly diverting the host’s computing power for mining purposes. This allows illegal miners to set-up shop without spending anything on expensive, dedicated mining stations.
MALICIOUS CRYPTO-MINING DEPLOYMENT & THREATS
Crypto-mining software installed by genuine miners is the same as that being installed on machines of random targets by malicious miners without their consent. This type of crypto-mining may be mounted on unwary users’ systems through multiple techniques, some of which are standard malicious software deployment methods:
- Exploiting browser plugin vulnerabilities
- Email attachments
- Trusted system process running encrypted communication
- Exploitation of loopholes in server-based applications
- Exploit kits – exploiting susceptibilities in Adobe Flash based applications
Illicit miners usually distribute the overhead of processing power and resultant electric costs to users over the internet. This overhead penalizes users in terms of loss in system performance and inflated energy bills, a fact that is significant at enterprise levels which employ computing stations to runs on a continuous basis.
Apart from consuming extra power and negative impacts on system performance especially in case of large organizations and industrial units, the power bills could see a noticeable increase. Malicious miners don’t use the affected systems and networks for other cybercrimes as it’s in their interest to maintain a low profile while mining behind the scenes by consuming computing resources only, a process not usually flagged as malicious activity.
Over time considerable crypto-mining traffic has been witnessed on the DNS layer with a rapidly escalating trend as multiple crypto-currency platforms have been successfully launched over the years. Illicit mining has also grown in tandem, and steps must be taken to ensure protection of precious computing resources.