According to Kaspersky Lab data, 2.7 million users were attacked in 2017 by malicious miners – almost 1.5 times more than in 2016 (1.87 million). During the second half of 2017, cybercriminals made over US$7 million using cryptominers.
Employees vs. malware
For businesses, the danger of unauthorised cryptomining comes simultaneously from two sides. On the one hand, it can be caused by employees who want to gain a few (or lots of) coins using their organisation’s computing capacity.
It can also come from an external threat that is distributed in the form of malware. With the help of a malicious program that can reach the victim’s computer via phishing emails, unreliable external media or even via the browser, cybercriminals can harness the computing power of corporate computers and use it for mining.
In both cases the consequences are the same – a decrease in PC or server performance, greater wear and tear of equipment and increased power consumption, which can all cost the company dearly. Besides that, the company’s whole IT infrastructure is compromised, with all the related risks that brings.
Various internal mining scenarios can be envisaged depending on the size of the business. In small companies the miners are usually the employees themselves. In bigger companies with bigger computing capacities, mining is more likely to be performed by the system administrators. They have access to the infrastructure, the tools for creating a mining farm and the ability to bypass detection by security solutions.
More than just mining: associated threats
There are known cases when cybercriminals have created a botnet made up of machines infected by miners for the mass mining of cryptocurrencies. Once the cybercriminals have achieved that, what’s stopping them from putting that botnet to other uses, such as data collection, spying on users or launching a powerful DDoS attack?
Some cryptominers use the same vulnerabilities as other malware. For example, the notorious EternalBlue vulnerability is also exploited by the cryptocurrency malware WannaMine. This brings us back to the problem of perimeter protection, and endpoint security in general. Without knowing there is stealthy miner malware running in the corporate network, the IT and information security departments will be unaware of a security breach in the network that could become a doorway for a more serious threat, for example, ransomware or a sophisticated targeted attack. In such cases, the implications can be far worse than just a hefty electricity bill.
Protection against cryptominers – on the ground and online
Both in the case of the company’s resources being secretly used by employees and in the case of mining from outside using malware, there are preventive measures and solutions to protect workstations and the network.
To check if employees are secretly misusing corporate resources, you need to look for anomalies in electricity consumption. These are the main indicators due to the nature of cryptomining: when one mining task is completed, computers switch to idle mode until the next task arrives, hence the telltale voltage spikes.
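One way to look for the load-then-idle cycle described above in power data, as an added example that is not Kaspersky Lab code. It assumes per-host wattage readings taken at a fixed interval outside working hours (for instance from metered power strips); the host names, readings and thresholds are constructed for illustration.

```python
from statistics import median

# Constructed sample data: historical idle readings and one off-hours window (watts).
HISTORY = {h: [60, 62, 58, 61, 59, 60] for h in ("ws-101", "ws-102", "ws-103")}
OFF_HOURS = {
    "ws-101": [150, 155, 152, 62, 150, 153, 151, 60, 149, 152, 150, 61],  # repeating bursts
    "ws-102": [60, 61, 59, 62, 60, 58, 61, 60, 59, 60, 62, 61],           # idle all night
    "ws-103": [60, 61, 140, 145, 142, 60, 59, 61, 60, 62, 60, 61],        # one scheduled job
}

def count_load_bursts(samples, baseline, high_factor=1.8, idle_factor=1.2):
    """Return (number of idle-to-load transitions, share of samples spent under load).

    Two thresholds (hysteresis) keep noise around a single cut-off from being
    counted as many separate bursts. Both factors are assumed tuning values.
    """
    bursts, high_samples, in_burst = 0, 0, False
    for watts in samples:
        if not in_burst and watts >= baseline * high_factor:
            in_burst = True          # load started: a new burst
            bursts += 1
        elif in_burst and watts <= baseline * idle_factor:
            in_burst = False         # back to idle until the next task
        if in_burst:
            high_samples += 1
    ratio = high_samples / len(samples) if samples else 0.0
    return bursts, ratio

def flag_hosts(off_hours, history, min_bursts=3, min_high_ratio=0.4):
    """Flag hosts whose off-hours draw shows repeated bursts covering much of the window."""
    flagged = {}
    for host, samples in off_hours.items():
        baseline = median(history[host])  # the host's own normal idle draw
        bursts, ratio = count_load_bursts(samples, baseline)
        # A single spike (backup, patching) is normal; repeated cycles are not.
        if bursts >= min_bursts and ratio >= min_high_ratio:
            flagged[host] = (bursts, round(ratio, 2))
    return flagged

if __name__ == "__main__":
    for host, (bursts, ratio) in flag_hosts(OFF_HOURS, HISTORY).items():
        print(f"{host}: {bursts} load bursts, {ratio:.0%} of off-hours window under load")
```

A flagged host is a lead for endpoint inspection, not proof of mining: batch jobs and scheduled scans can produce similar cycles.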
However, it’s far more important for an anti-mining security strategy to quickly detect unwanted components or suspicious activity on corporate networks and devices.
As stated before, cryptominers are yet another type of malware, so desktop-level security tools must be used to protect against them. It is very important to use a complex, multi-level security solution that can recognize traffic, distinguish between malicious files and harmless ones, including through machine learning, control applications, and monitor vulnerabilities in programs and devices within the corporate network.
One more reason to secure your workstations
Malicious miners, like any other malware, are just one of the many potential threats facing modern businesses that embrace digital transformation. Digitisation of business makes IT infrastructures more complex and blurs the boundaries of the corporate perimeter: an employee’s workplace is no longer limited to his/her workstation or laptop. Staff members, irrespective of their physical location, have access to virtual desktops and applications from their smartphones or tablets. Kaspersky Lab’s research found that 42% of organisations that allowed their staff to work remotely reported an increase in their business efficiency.
Nowadays, a company looking to secure itself against cyberthreats needs to have the tools to automatically control and manage the security of its entire workplace fleet. Make sure your security products provide several levels of protection and allow you to manage configurations for all the workstations and servers in the corporate network.