The multi-billion dollar cryptocurrency industry running on mining software may become vulnerable to cyberattacks and lead to higher electricity and cooling costs, a Sophos report has revealed.
According to his latest threat report, he explained that cryptocurrency mining software consumes computing power to
perform cryptographic work in the hope of earning new "coins" (tokens).
“For many cryptocurrencies, mining requires specialized hardware with graphics processing units dedicated to mining.
processing hungry job. But there are still opportunities for exploitation of general-purpose hardware to mine cryptocurrency, and there are vast, self-propagating mining botnets that still try to exploit vulnerable systems and steal processing power for profit.
“While such malware does not affect organizations' data, it does drain computing resources and increase electricity and cooling costs. And miner malware is often the precursor to other malware, as it is typically deployed via easily exploitable software and network vulnerabilities,” the report reads in part.
Due to its popularity, cryptocurrencies have become the target of cybercriminals who are increasingly carrying out ransomware attacks, hacking into and shutting down computer networks. They often require payment in cryptocurrency to restore them.
Sophos noted that most miner malware targets Monero (a cryptocurrency), for various reasons. Kind of job
required to produce XMR does not necessarily require specialized graphics cards, which means that it can be mined with servers that do not have much graphics hardware. And XMR is less traceable than many other cryptocurrencies, making it more attractive to criminal activity.
“Miner bots are often the first malware to exploit newly published vulnerabilities. The Java Log4J vulnerability and the Microsoft Exchange Server ProxyLogon/ProxyShell exploits were quickly exploited by mining botnets. In many rapid response ransomware cases, Sophos first responders found evidence of mining malware using the same initial compromise point as the ransomware, in some cases months before the ransomware attack.
“Miners are also a cross-platform problem. While many of the miner malware bots Sophos detects are Windows-based (and take advantage of PowerShell and other Windows scripting engines to install and
persist), there are also Linux versions of these botnets, often targeting unpatched network devices or web servers,” Sophos added.
The report described XMR miners as still prevalent and popular, while fluctuations in the value of some cryptocurrencies have had an effect on mining operators.
Sophos concluded: “As the value of XMR has declined, the profitability of mining botnets has declined and appears to have had an impact on the amount of effort bot operators put into growing their mining.
pools. Some fluctuations in miner deployment detection rates have followed fluctuations in the value of XMR, as shown below. Note in particular the mid-June drop in both XMR value and miner detections.”
