



Beware! Hackers want your… computing resources?

Nov 30, 2017 | 4 mins

To make cryptocurrency, hackers tap into your computer for more processing power.


If your computer is running slower these days, it could be because hackers are using it to make money. Literally.

They’re surreptitiously hijacking machines – in some cases, hundreds or more at a time – for personal gain. But in this case, unlike the stealing of corporate data, they don’t represent a major threat. They simply want to tap into your computer’s central processing unit (CPU) to make cryptocurrency.

The activity has risen in popularity as cryptocurrency value continues to soar. In November, the most well-known of cryptocurrencies, bitcoin, reached a record high of $8,101.91 after starting the year at just under $1,000. Hackers have, of course, taken an interest in the market, since they like to go where the money goes. Besides, it gives them a new revenue stream to pursue, as opposed to more extreme and illegal acts such as ransomware, which is getting “messier” by the day thanks to stepped-up law enforcement.

However, it takes plenty of processing power to solve the complex, mathematical equations needed to create the digital coins. That’s why the hackers who are “mining” for cryptocurrency infect the computers of unsuspecting users, to “borrow” the power in the interest of making more money, faster. It doesn’t matter if you use cryptocurrency either; the hackers are only interested in your processing power so, really, any device provides value to them.

Not surprisingly, “cryptomining” is emerging as a big business.

In September, Kaspersky Lab reported the discovery of botnets that were distributing mining software through users’ voluntary installation of adware programs. “Zcash” and “Monero” are popular cryptocurrencies for the botnet activity because they have lower market value than bitcoin and, thus, are less complex and easier to mine. They also have cryptographic features which make it harder to trace transactions – all the better to fly under the radar. Kaspersky reports that in 2013 it was protecting 205,000 global users from the threat. This grew to 701,000 by 2014 and, within the first eight months of 2017, to 1.65 million.

Then, in October, AdGuard reported that 2.2 percent of the top 100,000 websites were using cryptomining scripts – up from “near zero” within just three weeks. An estimated 500 million users are potentially vulnerable, and the websites earned $43,000 from cryptomining during the three-week period. Press reports have linked a wide variety of sites to the practice – including CBS’s Showtime; Pirate Bay, a peer-to-peer file-sharing index for digital entertainment that has encountered legal difficulties over copyright infringement; and even the official website of soccer star Cristiano Ronaldo.

Now, from an enterprise IT professional or manager’s perspective, cryptomining isn’t exactly something to worry about at night. As indicated, the hackers are after computing power, not the usual “crown jewels” of proprietary information and customer data. Victims don’t even realize that they’re victims. Yes, they lose a bit of machine functionality – their internet may run a bit slower or some programs might take longer to start up – but that’s about it.

That said, the hackers are establishing a presence on your employees’ devices and, therefore, your network. Given this, you don’t want to encourage the activity or otherwise turn a blind eye to it. If the hackers are using a vulnerable platform, for example, the platform’s risk problems become your company’s risk problems. So you should take the following steps to discourage cryptomining inside your enterprise:

  • Keep signatures up to date. Regardless of the intent behind them, cryptomining programs are still malware, and so are the payloads used to gain and maintain access. When your signature tools are current, you’re better positioned to recognize the malware at several points and remove it.
  • Monitor resource usage via Windows Task Manager to find out where memory and CPUs are getting an unusually strenuous workout. Also, cryptominers like to work in groups. They join peer-to-peer networks to combine computing power and accelerate the production of digital currency. You can identify this abundance of group activity through capable security content, using a variety of tools.
  • If you pay for cloud services, watch out for fluctuations in your monthly bill. A cryptominer causes CPU usage spikes and instance replication that will lead to higher charges.
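To make the CPU and billing checks concrete, here is an added example (not from the original article) that flags processes holding a CPU plateau and days where cloud charges jump above a rolling baseline. The hosts, process names, cost figures and thresholds are all constructed assumptions for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed samples: (minute, host, process, cpu_percent), one per minute.
CPU_SAMPLES = [(m, "ws-01", "chrome.exe", c)
               for m, c in enumerate([35, 92, 30, 28, 33, 31])]
CPU_SAMPLES += [(m, "ws-02", "helper.exe", c)
                for m, c in enumerate([88, 91, 90, 87, 93, 89])]
# Constructed daily cloud charges in USD, oldest first.
DAILY_COST = [41.0, 39.5, 40.2, 42.1, 40.8, 39.9, 41.3, 78.4, 81.0]


def sustained_cpu(samples, threshold=80, min_run=5):
    """Return (host, process) pairs at or above threshold for min_run
    consecutive minutes. A short burst resets the run; mining is a plateau."""
    series = defaultdict(list)
    for minute, host, proc, cpu in sorted(samples):
        series[(host, proc)].append((minute, cpu))
    flagged = []
    for key, points in series.items():
        run = longest = 0
        prev = None
        for minute, cpu in points:
            contiguous = prev is None or minute == prev + 1
            run = (run + 1 if contiguous else 1) if cpu >= threshold else 0
            longest = max(longest, run)
            prev = minute
        if longest >= min_run:
            flagged.append(key)
    return sorted(flagged)


def cost_spikes(daily, baseline_days=7, factor=1.5):
    """Return indexes of days charged more than factor x the median of the
    preceding baseline_days. The median keeps an earlier spike from
    inflating the baseline and hiding the next one."""
    spikes = []
    for i in range(baseline_days, len(daily)):
        if daily[i] > factor * median(daily[i - baseline_days:i]):
            spikes.append(i)
    return spikes


if __name__ == "__main__":
    print("sustained CPU:", sustained_cpu(CPU_SAMPLES))
    print("cost spike days:", cost_spikes(DAILY_COST))
```

In practice the samples would come from whatever endpoint telemetry and billing export you already collect; the thresholds need tuning against your own baseline.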

Sure, as far as cyber schemes go, cryptomining is one of the more benign ones. No data gets stolen. No one gets hurt. Processing power takes a small hit, but this amounts to, at most, a minor irritation rather than a techno-crisis.

Still, you need to exercise vigilance for all forms of malware – even malware which isn’t quite as ill-intended as the rest. By taking proactive steps toward enterprise-wide protection, you ensure that cryptominers will look to “cash out” elsewhere.


Stephen Coty, Chief Security Evangelist at Alert Logic, well-known for his colorful black hat/white hat career, is a member of ISSA, Infragard and the HTCIA, and formally ran Alert Logic’s Threat Research Team building threat content and delivering threat intelligence to partners and customers. Before coming to Alert Logic he was the Manager of Cyber Security for Rackspace Hosting.

Stephen has been in the information technology field since 1993 with a focus on security as of 1999 where he started as a penetration tester and auditor.

The opinions expressed in this blog are those of Stephen Coty and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.