Crypto-mining: What you need to know about the newest cybersecurity and performance threat


This blog was originally posted by Concerto Cloud Services. Since then, Concerto Cloud Services has become DXC Concerto, the mid-market cloud offering within DXC Technology.

Bitcoin and cryptocurrency markets are consuming much of the talk around the proverbial IT department water cooler due to their increasing popularity and unprecedented rise in value. Many early investors have unwittingly (and luckily) become overnight millionaires, while others who invested large amounts in volatile market upswings have learned hard lessons.

While many people don’t want to risk their hard-earned money on direct cryptocurrency investments, many believe that participating in the mining of cryptocurrency is a safer option, with little to no risk. But crypto-mining poses both direct and indirect risks to your organization’s computing infrastructure.

What is cryptocurrency mining?

Cryptocurrency mining is the validating of cryptocurrency transactions by adding encrypted blocks to the blockchain. Miners utilize a computer’s processing power to solve a complex math problem (known as a hash) to establish a valid block, and receive a reward for their successful efforts. This reward is provided as a specific percentage of the block based on their contribution to the pool’s efforts to solve the problem. Such rewards make it possible to earn a substantial amount of cryptocurrency based on the speed at which your computer can solve these math problems. The more computers you have working on these problems, the more potential rewards you can earn.

A quick search of the internet will yield many tutorials on mining hardware and software solutions to get even the most basic user online and part of a mining pool in minutes. As the price of cryptocurrency continues to rise, the need to add more hashing power to a mining operation can become almost addicting. Many hardcore miners will invest thousands of dollars in high-end graphics cards or ASIC mining rigs to increase their hash rate in order to earn bigger and bigger payouts each day. The temptation can become so strong that it may lead some to use enterprise resources to expand their mining operation.

What does this mean for my business?

Cryptocurrency mining software poses both direct and indirect risks to your enterprise, and it is important to understand these impacts to your datacenter health as well as the financial implications to your bottom line.

Mining software installed on desktops, laptops or servers has a direct impact on your business because mining is a very compute-intensive process. Extended use will create poor performance on the devices and/or servers running your business. These performance degradations can have a direct impact on your operations and customer experience.

Mining software will utilize all available CPU and can even prioritize its workload above that of the primary workload for that server. This extended, high CPU usage will also cause much higher electricity utilization and can increase costs across the data center by upwards of 40 percent. Additionally, this sustained utilization can also run the risk of early component failure rates within the device or server.

Indirectly, some botnets distribute mining software that can access the underlying operating system, similar to the way malware affects a device. The presence of this type of mining software may well indicate that the device has been compromised and is open to many other exploits and security vulnerabilities.

How can I protect my business?

The first step is to establish a corporate-wide policy that prohibits the installation of any mining software on company-owned and operated resources. This should include devices that may be owned by the employee but are permitted to connect to corporate resources.

We also recommend that you proactively block cryptocurrency mining across the enterprise. This can be accomplished by using the deep packet inspection (DPI) engine in your firewall. The simplest way to implement this is to configure a rule to detect and block the JSON-RPC messages used by Stratum, the protocol mining pools use to distribute tasks among member computers. DPI rules can be configured to block based on three fields required in Stratum subscription requests: id, method, and parameters. Some DPI engines are not capable of inspecting encrypted traffic, so blocking browser-based applications may be difficult, as these run over HTTPS. In this case, it can be just as effective to block traffic to IP addresses and domains associated with public mining pools.
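The matching logic such a DPI rule applies can be sketched as follows. This is an added example, not code from the original post or from any firewall vendor; it assumes cleartext Stratum sent as newline-delimited JSON-RPC, method names beginning with `mining.`, and `params` as the JSON key for the parameters field. The function names and sample payloads are constructed for illustration.

```python
import json

# Stratum client requests carry the three fields the article names;
# the "parameters" field is assumed to use the JSON key "params".
REQUIRED_FIELDS = {"id", "method", "params"}
METHOD_PREFIX = "mining."  # e.g. mining.subscribe, mining.authorize


def stratum_requests(payload: bytes) -> list:
    """Return the Stratum method names found in one reassembled TCP payload."""
    hits = []
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue  # not a JSON object (HTTP, TLS records, binary data)
        try:
            msg = json.loads(line)
        except ValueError:
            continue  # truncated or otherwise invalid JSON
        if not isinstance(msg, dict) or not REQUIRED_FIELDS.issubset(msg):
            continue  # valid JSON, but not shaped like a Stratum request
        method = msg["method"]
        if isinstance(method, str) and method.startswith(METHOD_PREFIX):
            hits.append(method)
    return hits


def verdict(payload: bytes) -> str:
    """Map a payload to the action a DPI rule would take."""
    return "block" if stratum_requests(payload) else "allow"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "stratum": b'{"id": 1, "method": "mining.subscribe", "params": ["example-miner/1.0"]}\n'
               b'{"id": 2, "method": "mining.authorize", "params": ["worker1", "x"]}\n',
    "other_rpc": b'{"id": 7, "method": "getblockcount", "params": []}\n',
    "http": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "truncated": b'{"id": 1, "method": "mining.subsc',
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10s} {verdict(data):6s} {stratum_requests(data)}")
```

The truncated sample is allowed because the request is split mid-message, which is why this kind of matching needs to run on reassembled streams rather than on individual packets.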

While cryptocurrency mining may not be the biggest threat to your enterprise, its growing popularity warrants both awareness and precautionary measures. The risk of compromised devices, increased financial impact and malware infections should be cause for concern.

Chuck Dyer is the Senior Product Developer at DXC Concerto.
