March 2018: Did you know there are now 1,519 different cryptocurrencies in use (Bitcoin was the first) and that proliferation can negatively impact your IT network?
For cryptocurrencies to work, they need computing power. Cryptography is the foundation of cryptocurrencies (hence the “crypto”) and it involves complex mathematical equations that are solved by using computing resources — yours possibly included. Here’s what you need to know:
Cryptocurrencies are based on an invention called a blockchain. A blockchain is a ledger or list of records (blocks) that are linked and secured using cryptography, or codes (keys). Rather than using a central authority like a bank to verify a transaction, the transaction of sending and receiving funds is verified by a process involving a combination of public and private keys, which is called mining. The more transactions that take place, the more mining that’s needed.
Cryptocurrency mining and the need for computing power
Cryptominers are competing behind the scenes for the fee that’s paid for each verified transaction. To be a miner, all you need is a computer and a special program — in theory. However, the Graphics Processing Unit (GPU) in most computers isn’t powerful enough to compete, so a miner needs a lot of GPUs. The most successful miners have tons of GPUs working for them, and cryptocurrency mining is a lucrative business.
Established Bitcoin miners have enormous data centers with thousands of machines. It’s tough to compete with these particular miners but it’s not as difficult to compete with miners of other cryptocurrencies. Miners are joining open pools to combine resources and invest in a lot of GPU power. As a result, GPU manufacturers AMD and Nvidia can’t keep up with the demand, and the market is experiencing a worldwide GPU shortage.
So, some miners are looking elsewhere for computing power.
Compromised networks: what to look for
Not only is it tough to find GPUs, it’s expensive to own and run computers for cryptomining. Miners need electricity, internet access, air conditioning, fans, cables, and more. Often, it’s easier to just hack into someone else’s network and use their stuff.
Websites can also be compromised by unscrupulous miners. This is called cryptojacking. When someone visits a compromised site (usually by opening an infected image file or following a link), their computer or phone can be infected with malware and used for mining or they can be redirected to malicious servers. Enterprises are often targets of cryptojacking schemes.
If your computers have been experiencing problems like sluggish performance or slow internet, your IT department needs to know. Your IT team should be looking to see if your antivirus software is finding and blocking malware and if there are spikes in your energy or data usage. These kinds of problems can be caused by other things but with more than 1,500 cryptocurrencies to be mined, your IT team needs to keep an eye out for signs that could indicate fraudulent use of your network for cryptomining.
A seriously infected system could disrupt business operations for days.
Is your computer being used by secret cryptominers?
You can do a quick check of your own computer to see if it might be compromised. Look at the Task Manager on Windows and Activity Monitor on Macs to check the activity of your Central Processing Unit (CPU). You may not know what normal usage looks like but if it looks like there’s a huge percentage of CPU use going to a browser usage, someone could be using your computer for mining. Call your IT tech so they can remove the malware and determine if the network has been affected.
How to avoid cryptocurrency risk from miners and scammers
Where there’s money to be made, there’s motivation for bad actors. Make sure to:
- Keep all your antivirus and firewalls up to date
- Follow all security protocols
- Inform and train employees on the increased risk
- Monitor your network for abnormalities
If you trade in cryptocurrencies, you’re probably aware of the inherent risks — the markets are volatile and your funds aren’t insured, for starters. Also, beware of “initial coin offerings” or ICOs (they could be pump-and-dump scams), know how to protect your digital wallet from cryptocurrency-stealing malware, know your smartphone can be a target of phoneporting, and that cryptophishing is now a thing.
As with all things digital, Leapfrog has been keeping an eye on cryptocurrencies since the successful Bitcoin proof of concept in 2009. There was a time when we thought it might fizzle out but it rebounded, making millionaires along the way and getting buy-in from global brands and entire countries — even banks. One of the ripple effects of the current craze is Leapfrog needs to monitor for the type of secret activity that could indicate one or more of the networks we manage is being used for cryptomining. Last month we were able to find and eradicate cryptomining malware that had targeted some of our clients who use Kasea, an enterprise management platform. This was the first time we’ve encountered cryptomining malware but we’re confident it won’t be the last! Our team is well-prepared and alert to any signs of cryptomining.
If you think your network security might not be up to the standards that can enable you to spot, stop, and eradicate new malware of any kind before it impacts your business operations, we invite you to contact Leapfrog.
If you liked this post, don’t forget to subscribe to FrogTalk, our monthly newsletter.