I had been considering the cybersecurity impacts of cryptocurrency mining for several weeks when I saw the recent episode of HBO’s Silicon Valley, where it served as a laugh-out-loud recurring gag.
Throughout the episode, the character Gilfoyle — a gruff, deadpan systems architect — keeps unnerving his coworkers with a jarring blast of the two-second song “You Suffer” by British extreme metal band Napalm Death.
“It’s an alert,” Gilfoyle explains. “Whenever the price of bitcoin dips below a certain value, it is no longer efficient to mine. When it comes back up, it is. I need to know when it breaks that threshold so I can remotely toggle my rig at home … bitcoin is very volatile.”
Clearly, mining bitcoin is now decidedly mainstream, and not just for comedy gold. For many organizations, bitcoin mining gets less amusing as it increasingly forms the motivation for malware and cyberattacks.
When episode writer Carrie Kemper uses the word “volatile,” though, it is an understatement. In April 2015, the value of bitcoin hovered around $230. Last December, it hit a high of nearly $20,000. The following February, it was down to $7,000.
When its value was a couple hundred dollars, bitcoin “mining” wasn’t cost-efficient. It requires a fast internet connection, creates electricity costs through power consumption and cooling, depletes storage space and takes time. When the value of a single bitcoin began to skyrocket, so did the profitability of bitcoin mining — and investment in it.
Couple that rising value with increased competition and a depleting supply of bitcoins and the result is an increasingly serious cybersecurity problem.
About 17 million of 21 million bitcoins have already been mined. As more bitcoins are mined, the system increases the difficulty of the cryptographic hashes that must be solved. Bitcoin also cuts the number of coins awarded to a miner in half every 2.1 million blocks. In July 2016, the reward was halved from 25 coins to 12.5. In May 2020, it will drop to 6.25 coins.
With fewer bitcoins left and fewer coins awarded for mining, the primary way to boost profits is to lower operating costs, namely the power consumption of running and cooling massive banks of servers. Even with a potential payoff of $100,000 per block added, those costs are not insignificant. In the U.S., depending on electricity rates, the cost to mine a single bitcoin ranges from $3,200 in Louisiana to nearly $10,000 in Hawaii.
Bitcoin miners offset these costs with malware. The malicious scripts are installed on computers — spanning the personal to the enterprise levels — that run bitcoin mining software disguised as legitimate programs. In 2017, the Pirate Bay was caught generating revenue by secretly using the central processing unit (CPU) power of millions of visitors to mine the cryptocurrency monero. It was their alternative to the ad overlays that reduced the user experience of accessing pirated content.
This is not just a problem for those who visit torrent sites. Recently, hackers targeted more than 400,000 computers — in Russia, Turkey, Ukraine and elsewhere — to install bitcoin mining malware. Facebook, YouTube and Messenger have all experienced attempts to infect users’ PCs and even smartphones to mine different cryptocurrencies. The explosive proliferation of mining malware has led some to call it an epidemic, and “the new ransomware,” but it comes without all the messy, labor-intensive trouble of demanding ransoms.
It’s not just bitcoin, either. To compete with bitcoin, the cryptocurrency monero (currently valued at about $300) — like litecoin and others — utilizes an algorithm that works on PCs with normal CPU power. As mining malware becomes a more common alternative to advertising, there are growing services dedicated to providing simple plugins for WordPress and other content management systems — which may drive an increase in popularity for cryptocurrency alternatives to bitcoin like monero and ethereum. Given the greater anonymity of many alternative cryptocurrencies, and the ease of mining compared to bitcoin, it is not hard to imagine a growing pandemic of botnets and malware.
Cryptocurrency mining is not just about a slow-running PC, though. Some mining malware is so aggressive that it can literally melt a smartphone. At the enterprise level, the increased CPU loads from mining malware can lead to hardware failure, huge drains on energy consumption, entire systems unable to do mission-critical tasks and literally thousands of infections on a single network. It also provides a frontline and laboratory for malware and cyber threats that are increasingly widespread, difficult to detect and technically complex to remove manually.
Because much cryptocurrency mining malware is fileless, it is exceedingly hard to spot. Chief security officers (CSOs) should not depend on traditional virus protection but should instead instruct their organizations to vigilantly watch out for signs of infection. These include strange spikes in CPU and graphics processing unit (GPU) use, dramatic slowdowns of their systems and even overheating.
This is more of a stopgap than a solution. More sophisticated attacks now monitor CPU usage and limit the processing power stolen to less than 50% to avoid detection. While an educated user base is always a critical component of cybersecurity, a strategic plan for preventing these attacks will serve an organization better than one that spots them after they have hit. That plan should be implemented sooner rather than later.
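The gap between spike-watching and self-throttling miners described above, as an added example that is not part of the original article: a fixed high-CPU threshold stays silent on a miner capped under 50%, while a check for sustained load above the host's own baseline flags it. The per-minute CPU samples, the thresholds and all function names are constructed assumptions.

```python
from statistics import median

# Constructed per-minute CPU utilisation (%) for one workstation.
# Known-good hour: mostly idle, one short legitimate burst every 10 minutes.
HISTORY = [10, 12, 9, 14, 11, 65, 13, 10, 8, 12] * 6
# Constructed suspect hour: normal for 20 minutes, then a plateau that
# never reaches 50%, as a self-throttling miner would produce.
SUSPECT = HISTORY[:20] + [46, 48, 45, 47, 49, 46, 44, 48, 47, 45] * 4


def spike_alert(samples, threshold=90.0):
    """Naive check: fire if any sample reaches a fixed high-water mark."""
    return any(s >= threshold for s in samples)


def sustained_load_alert(samples, baseline, margin=25.0, window=30, allowed_dips=3):
    """Return the start index of the first window in which CPU stays at least
    `margin` points above the host's baseline, tolerating a few dips;
    return None if no such window exists."""
    needed = window - allowed_dips
    floor = baseline + margin
    for start in range(len(samples) - window + 1):
        hits = sum(1 for s in samples[start:start + window] if s >= floor)
        if hits >= needed:
            return start
    return None


def triage(samples, history):
    """Run both checks against a baseline taken from known-good history."""
    baseline = median(history)  # median ignores the short legitimate bursts
    return {
        "baseline": baseline,
        "spike": spike_alert(samples),
        "sustained_from": sustained_load_alert(samples, baseline),
    }


if __name__ == "__main__":
    print("known-good:", triage(HISTORY, HISTORY))
    print("suspect:   ", triage(SUSPECT, HISTORY))
```

A sustained-load hit is a triage signal rather than proof of mining, since long legitimate jobs produce the same shape; it tells an analyst which hosts to inspect for the process behind the load.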
Imagine the continued growth of mining malware targeting bitcoin alone — and then consider that there are more than 1500 different cryptocurrencies, with more emerging each day. Each could provide the foundation for different types of malware. Add to that a growing awareness of the financial potential — or merely the perception of financial potential — of mining with malware, and it is easy to see how topics that play for laughs today could quickly become the catalyst for much more sophisticated attacks with much greater levels of malicious intent.