Cyber Threat Alliance says illegitimate cryptocurrency mining has increased over the past few years

In a recent report, Cyber Threat Alliance [CTA] stated that there has been a significant increase in illegitimate cryptocurrency mining over the past few months.

According to the report, individuals and enterprises were subjected to both short and long-term threats. These threats to individuals and organizations might lead to harmful consequences thus making it important to take steps to protect their systems. Moreover, cases of cryptocurrency mining have increased by 459% in 2018 in comparison to 2014.

Cryptojackers mine cryptocurrencies by stealing the processing power of users computers, web browsers, internet-of-things [IoT] devices, mobile devices, and network infrastructure. The CTA members claim that illicit mining has not reduced despite the decrease in the value of cryptocurrencies.

The ‘Illicit Cryptocurrency Mining Joint Analysis’ also included the impact of EternalBlue on business organizations. Mining malware such as Adylkuzz and Smominru were being used to exploit victims. CTA quoted EternalBlue as an example for cryptojackers targetting old and unpatched devices with the help of disclosed vulnerabilities.

CTA stated illicit cryptocurrency mining as an indicator of more sophisticated problems. They further added that “mining is the canary in the coal mine, warning you of much larger problems ahead”.

The report stated that even inexperienced attackers are able to use malware to mine cryptocurrencies thus resulting in the victim’s CPU or GPU maxing out and damaging their IT equipment. The victims usually realize the problem only after the damage is done.

Furthermore, CTA stated that experienced attackers have started to hide their activity and remain undetected for a long duration. According to Palo Alto Networks, experienced attackers configure their mining software to only use 20% of the machine’s CPU resulting in the attack going undetected.

Illegitimate cryptocurrency mining can lead to reducing the performance of the victim’s computer and increasing the chances of mechanical failure of the system. They further added that enterprise environments have become a usual target because of their high-powered servers, and the availability of a large number of machines.