Page 232 - Cyber Defense eMagazine August 2024
P. 232

could spell trouble for organizations with vulnerable technical infrastructures, many of which do not realize
            they are at risk of exploitation from illegal crypto mining operations.

            As such, business leaders  should familiarize  themselves  with the tactics  cyber criminals use to exploit
            tech infrastructure for crypto mining, and understand how they can prevent it.


            Legal vs. Illegal Crypto Mining

            Cryptocurrencies  were invented  to establish  a decentralized  form  of payment,  meaning  that banks  or
            institutions had no control over their use and distribution. However, to protect against inflation, new crypto
            coins must be "mined,"  a process  that involves  solving complex  mathematical  problems.  This  process
            not only validates  transactions and secures the blockchain  but also controls the coin supply to prevent
            inflation, thereby adding security and integrity to the network. It’s worth noting that newer guidelines exist
            for some cryptocurrency  that doesn’t require mining, but mining is, by-and-large,  still a large part of the
            process today for many currencies.

            That said, in the early days of Bitcoin, it was possible to mine crypto coins with a standard PC, but the
            increasing  popularity  of  cryptocurrencies  has  decreased  the  number  of  generated  units  to  prevent
            inflation. This means that crypto miners need much more computational power and resources, with many
            now renting hash services from a cloud mining provider to perform the same job.

            While many crypto miners obtain their support through legitimate means, the high costs of legal mining
            operations  have  inspired  some  to seek  support  illegally  with the  help  of botnets.  This practice  allows
            miners to make as many computers as possible part of one network, without the consent of the user.



            Forms of illegal crypto mining

            Bad actors can engage in illegal crypto mining through two primary methods: the injection of JavaScript
            commands and crypto-jacking  via malware.
            The first method exploits popular crypto mining programs, such as the now-defunct Coinhive. Since most
            crypto  mining  programs  run  on  JavaScript,  bad  actors  deploy  scripts  across  websites  and  browsers.
            When users visit these crypto mining websites,  the script forces the users' devices to engage in crypto
            mining without their notice or consent, sometimes even utilizing the full processing power of the device.

            The  second  method,  crypto-jacking,  is  much  more  serious.  Cybercriminals  will  often  deploy  malware
            specifically designed to exploit digital infrastructure, often through links to infected websites and pirated
            software.  Users  will unknowingly  click links  or download  software,  deploying  malware  that  runs in the
            background.  Due to the large amount of computing  power needed to support  the mining,  criminals will
            throttle the software to avoid detection. Crypto mining malware can consume up to two-thirds of a victim's
            computer power, making detection even more challenging for users.








            Cyber Defense eMagazine – August 2024 Edition                                                                                                                                                                                                          232
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   227   228   229   230   231   232   233   234   235   236   237