Nearly all of us use a computer of some description today to do our daily activities, be that a desktop, laptop or tablet. For the sake of convenience or mere time saving, many of us leave our computers turned on overnight too, as it takes a long time to boot up and log in first thing in the morning. However, there may be other people (or processes) using your computers and your electricity (with some statistics putting the cost at over US$600 per year) for their own gain. This will not only cost you more in terms of electricity used, but it could also be shortening the life of your PC and its battery (if it is a laptop or tablet).
Bitcoin mining is a growing issue. Recent reports indicate that there are several malware variants that are installing bitcoin mining software and with the price of cryptocurrencies steadily increasing it is likely that this will continue to be a growing trend for 2018. The worst part of all this is that it’s not new. It’s certainly been an issue since 2011 (as reported by Trend Micro in their blog here) yet it’s still happening.
And it’s spreading. In another blog by Trend Micro, they had detected that attackers had abused Google’s DoubleClick which is used for serving internet adverts and that there had been a near 300% increase in a week in the number of Coinhive miners active. The BBC also reported recently that, among many others, UK Government websites had also been compromised. They also reported that one website was giving people the choice to block adverts and use their unused processing power instead.
How do you stop it? Well, the first point is to stop the malware getting in. There are several avenues by which it can get installed, and one of those is a phishing mail that entices users to click on links to install something they want, whilst installing something they don’t want in the background. User education and training is key to stopping this and other phishing attacks.
Another is via drive-by download or as a web-hosted application such as Coinhive. Visiting an infected site that has the malware installed or a mechanism to install it is another common method. Using a web-proxy, web-gateway or some sort of filter between the endpoint and the internet should help filter out any malicious traffic.
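As an added example (not code from Secon Cyber or the original post), a small Python filter of the kind a web proxy or gateway could apply: it checks each proxy log entry against a constructed blocklist of miner hosts (coinhive.com, the service named above, plus a placeholder) and an assumed miner script-name pattern, then groups hits by client so affected endpoints can be triaged. The log format, hostnames and pattern are all assumptions, not values from the post.

```python
import re
from collections import defaultdict

# Constructed blocklist of hosts that serve browser-based miners. coinhive.com
# is the Coinhive service named in the post; the other entry is a placeholder
# standing in for whatever your threat-intelligence feed supplies.
MINER_HOSTS = {"coinhive.com", "miner-cdn.example-blocked.test"}
# Assumed script-name pattern; tune to your feed, as it can also catch unrelated "miner" files.
MINER_SCRIPT_RE = re.compile(r"/(coinhive|miner)[\w.-]*\.js$", re.I)

# Constructed log format: timestamp client method url status bytes
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) "
                    r"(?P<url>\S+) (?P<status>\d+) (?P<bytes>\d+)$")
URL_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)(?::\d+)?(?P<path>/[^?#]*)?", re.I)


def classify(url):
    """Return 'block' for a known miner host or miner script URL, else 'allow'."""
    m = URL_RE.match(url)
    if not m:
        return "allow"          # non-HTTP entries are left to other controls
    host = m.group("host").lower()
    path = m.group("path") or "/"
    if host in MINER_HOSTS or host.endswith(tuple("." + h for h in MINER_HOSTS)):
        return "block"          # exact host or any subdomain of a listed host
    if MINER_SCRIPT_RE.search(path):
        return "block"          # miner script hosted on an otherwise benign CDN
    return "allow"


def scan_proxy_log(lines):
    """Group blocked URLs by client IP so each affected endpoint can be triaged."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and classify(m.group("url")) == "block":
            hits[m.group("client")].append(m.group("url"))
    return dict(hits)


# Constructed sample: an ordinary ad request, two miner loads, a normal page.
SAMPLE_LOG = """\
2018-02-12T09:01:02Z 10.0.0.5 GET https://ad.doubleclick.net/ddm/adi/N1234?x=1 200 1840
2018-02-12T09:01:03Z 10.0.0.5 GET https://coinhive.com/lib/coinhive.min.js 200 51200
2018-02-12T09:02:10Z 10.0.0.7 GET https://cdn.example.test/assets/miner-v2.js 200 48900
2018-02-12T09:02:11Z 10.0.0.9 GET https://www.example.test/index.html 200 7200
"""

if __name__ == "__main__":
    for client, urls in scan_proxy_log(SAMPLE_LOG.splitlines()).items():
        print(client, "->", ", ".join(urls))
```

Note that the ordinary DoubleClick ad request is allowed; only the miner script loads are flagged, which is the distinction a gateway filter needs to make when miners are delivered through legitimate ad networks.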
Then there is the endpoint itself. If you’ve gone to a site and clicked on a link (or something else has got through), the endpoint solution should recognise that the software is not authorised. White-listing (or black-listing) applications ensures that only what you want to run on your device actually runs on it. This can be controlled via Group Policy or through some other endpoint policy enforcement.
As has been said many times before, layered security is the best form of defence. At Secon Cyber we work closely with a number of leading technology partners to implement cyber security solutions to address issues such as Bitcoin mining, breach prevention and ransomware attacks.