The trillion-dollar crypto industry, which runs on mining software, may become vulnerable to cyberattacks and lead to higher electrical and cooling costs, a report by Sophos has revealed.
In its latest report on threats, Sophos explained that cryptocurrency mining software consumes computing power to perform cryptographic work in hopes of earning new “coins” (tokens).
“For many cryptocurrencies, mining requires specialised hardware with graphics processing units dedicated to the processing-hungry work. But there are still opportunities for exploitation of general-purpose hardware to mine cryptocurrency—and there are vast self-spreading networks of mining bots that still attempt to exploit vulnerable systems and steal processing power for profit.
“While such malware does not impact organisations’ data, it does sap computing resources and raises electrical and cooling costs. And miner malware is often the harbinger of other malware, as it is usually deployed via easily exploitable network and software vulnerabilities,” part of the report read.
Owing to its popularity, crypto has become the target of cybercriminals who have increasingly carried out ransomware attacks, by which they hack and shut down computer networks. They often demand payment in cryptocurrencies to restore them.
Sophos noted that most miner malware is focused on Monero (XMR), a cryptocurrency, for a number of reasons. The type of work required to produce XMR doesn’t necessarily require specialised graphics cards, which means that it can be mined with servers that don’t have much in the way of graphics hardware. And XMR is less traceable than many other cryptocurrencies, making it more attractive for criminal activity.
“Miner bots are often the first malware to exploit newly published vulnerabilities. The Log4J Java vulnerability and the ProxyLogon/ProxyShell exploits of Microsoft Exchange Server were quickly leveraged by miner botnets. In many Rapid Response ransomware cases, Sophos responders found evidence of miner malware using the same point of initial compromise as the ransomware – in some cases months before the ransomware attack.
“Miners are also a cross-platform problem. While many of the miner malware bots Sophos detects are Windows-based (and leverage PowerShell and other Windows scripting engines to install and persist), there are Linux versions of these botnets as well — often targeting unpatched network appliances or web servers,” Sophos added.
The report described XMR miners as still prevalent and popular, while fluctuations in the value of some cryptocurrencies have had an effect on miner operators.
Sophos concluded, “As XMR’s value has dropped, the profitability of miner botnets has declined, and it appears to have had an impact on how much effort bot operators make to grow their mining pools. Some fluctuations in detection rates for miner deployments have followed the fluctuations in XMR’s value, as shown below. Note in particular the drop in mid-June of both XMR value and miner detections.”