Cisco Blogs

Perspectives on Cryptomining


April 26, 2018

If you keep up with trends in security, you’ve likely heard about illicit cryptomining – software that hijacks system resources to generate cryptocurrencies. We’ve been busy updating our product portfolio to detect and protect against this new class of threat. Last week we released a paper on illicit cryptomining that covers the threats it may introduce and ways that we can help protect your assets from exploitation.

Our Cisco Talos threat intelligence team reported in January on the upswing of illicit cryptomining, especially after the rise in value that so many cryptocurrencies had experienced. It’s a relatively simple and dependable way for the bad guys to generate cash, so much so that the Talos team is seeing a shift away from ransomware to cryptomining. When you consider that only about one third of ransomware victims pay the ransom, you can see why cryptomining is becoming attractive.

In the paper we point out that, while cryptomining currently accounts for a small proportion of today’s threat landscape, the threats introduced by cryptomining may be more impactful for different industries. Take industrial control system (ICS) devices, as just one example. ICS power much of our critical infrastructure, and those devices are often purpose-built with just enough system resources to perform their intended functions. The processing resources required for cryptomining can be enough to overwhelm such devices, potentially causing service delivery degradation or outage. That’s, shall we say, not optimal for something like a power grid.

We expect the bad guys to continue to innovate, and it looks as if that’s exactly what’s happening. The subject of Talos’ most recent research is a cryptocurrency called Bitvote, and while it has yet to turn much of a profit for its illicit miners, the methods used to mine Bitvote show a different level of sophistication than what Talos has previously seen. (You can find their blog post on Bitvote here.) We are still in the relatively early days of illicit cryptomining, but it’s safe to say that we can only expect to see more sophisticated players enter this arena, assuming profits remain easy.

For more extensive technical information and recommendations on how to defend against different methods of attack, get the full cryptomining whitepaper.
