Is cryptocurrency mining malware more dangerous than it seems?

Cryptocurrency mining malware may not pose as obvious a threat as ransomware, but it could be just as disruptive. That’s the conclusion of a new report from researchers at SecureWorks.

The firm’s staff have witnessed unauthorised currency mining during “almost all” client callouts over the last six months. Between May 2017 and February 2018, its cryptocurrency mining traffic alerts rose from 15,000 to 280,000.

Despite the malware soaring in popularity among criminals, SecureWorks’ Mike McLellan is concerned some businesses aren’t taking it seriously enough. “There is a temptation to downplay these infections as a bit of background noise,” he tells NS Tech. “But actually if it lands on something that’s critical to your business, it can have a really significant impact.”

In these cases, the business impact is more than just a sky-high energy bill. “Where our incident response teams get called out, it’s generally where an organisation has identified a big spike in processing power on one of their critical servers,” says McLellan. “They’re unable to use the application the servers are supposed to provide, and that’s really starting to impact them.”

Last month, thousands of websites – including several government platforms – were hit by cryptocurrency mining hackers. The Information Commissioner’s Office, Student Loans Company and the Pensions Advisory Service were among those affected. Scott Helme, the researcher who identified the malicious code, told NS Tech at the time the affected organisations “got off lightly”.

The malware did not extract users’ personal information and the National Cyber Security Centre said there was nothing to suggest the public was put at risk. “This could have been much worse,” said Helme. “It could have gone under the radar for weeks. I’m hoping people will take that seriously and realise we got off lightly.”

SecureWorks’ research indicates that the targets had indeed been lucky to dodge other forms of malware during the attack. Based on its observations, criminals who infect computers with cryptocurrency mining malware “can and will” deploy additional malware such as banking trojans.

“You can deploy it alongside other bits of malware, like banking trojans or keyloggers and they just continue to run in the background and generate money for you,” says McLellan. “There is a real risk of criminals bundling this up with some other threat and then that gets on your network as well. So obviously someone can install a cryptocurrency miner on your computer they can install other things.”

But it isn’t all doom and gloom. McLellan notes that if companies take basic steps to protect themselves against cryptocurrency miners, they will also reduce the risk of being subjected to other kinds of attacks: “If you employ two-factor authentication for your account. If you patch your servers and make sure they are up to date and the operating systems are current, you’ll be able to prevent cryptocurrency miners but you’ll also be able to prevent a whole bunch of other threats being able to affect you as well.”

He concludes: “There’s a risk of people ignoring it as a lesser threat, but also if you focus on it as a threat and mitigate that threat you’ll also mitigate a whole range of other things that could affect you too.”