Cryptominers in da house

The recent explosion of the bitcoin exchange rate has catapulted cryptocurrencies into the news headlines. But what does that mean for IT security? Should we be worried? I will argue: Not more than usual!

Photograph by Xiang Gao

Cryptocurrencies

Most people think of bitcoins when they hear the term «cryptocurrencies». But in fact, there are many different cryptocurrencies out there, with different properties. Examples include Monero, Dogecoin and many more. What they all have in common is the usage of a cryptographic algorithm, the so-called blockchain, as a basis to secure transactions. The blockchain stores all transactions done in a given currency in a cryptographically secure way. There are many good explanations of the blockchain available, so we'll skip this here. What is important to know is that creating a new block is a computationally intensive process, i.e. it requires CPU cycles, which in turn require electrical power. A person calculating a block gets some of the cryptomoney as a reward. This process is called mining and is set up in such a way that subsequent blocks are harder and harder to mine, in terms of CPU usage.

Make money fast...

Thus, mining bitcoins, for example, is not profitable anymore, that is, as long as one has to pay the power bill oneself. If, however, someone else pays the power bill, things look different.

Criminals, always in for a quick buck, have noticed this and started mining on other people's systems. This is either done by installing a virus on a victim's computer, or more recently by using web browsers' abilities to execute JavaScript code. In the former case, malware is run like any other malware. In the latter case, a web page delivers a piece of code that then runs on the victim's computer, sometimes advertised in fine print, but more often without the consent of the user.

So what?

One could argue that this is not one of the most pressing problems security professionals have today. Indeed, CPU-hogging malware is probably discovered quickly and can be removed. Someone stealing a bit of electricity is not nice, but hey, worse things can happen, can't they?

The issue here is not what damage is created, but that someone else is controlling your infrastructure. Mining malware might, in fact, first steal your data and only then start mining. A mining JavaScript might just as well try to exploit your browser and do more damage. So malicious cryptominers are in fact a sign of bad internet hygiene. And that is something security professionals should be concerned about.

What can be done?

The answer to this question is always the same: keep your networks clean. That is, make sure that email does not carry malicious content into your organization, that web proxies filter out the bad stuff, and that up-to-date software prevents criminals from exploiting networks. This is best practice. But criminals can still get in; there is no absolute security. Thus, discovering attacks is important to reduce losses.


Open Systems can help you reach an even higher level of cyberhygiene. Find out whether you are protected against hidden cryptominers and other cyberthreats with Open Systems' free web security test tool: online-security-check

This post was written by Serge Droz, Vice President OS-CERT at Open Systems.

For more information, contact marketing@open.ch