January 15, 2017
The topic of cryptocurrency mining has been a popular one in the Information Security office lately. With the speculation-fueled value of cryptocurrencies, such as Bitcoin, hitting record levels recently there has been a great deal of interest in the media and on campus. There has also been a lot of interest from malicious groups looking to make money on the digital currency craze. Since the beginning of December 2017, there have been several campaigns of malware aimed at installing crypto-mining software on impacted systems to generate profits for these bad actors.
What is Cryptocurrency Mining?
A cryptocurrency, such as Bitcoin, is a digital currency. New units of that currency are created through the process of “mining.” The mining process is a compute intensive task that effectively uses your computer’s processing power to verify and secure cryptocurrency transactions, and for your trouble you are rewarded with a small amount of that cryptocurrency in exchange. The actual reward is variable based on the currency you are mining, the number of other ‘miners’, the power of your computer, and the amount of time you run the mining software.
What is the Impact?
The primary impact of crypto-mining software is CPU utilization and power usage. Typically, crypto-mining software uses all free processing power on a computer pushing the utilization to 100% in order to mine as much as possible. As a user, this will impact your ability to use the computer for other tasks, will use much more electricity than normal, and will eventually reduce the lifespan of your system in the long run.
Crypto-mining Malware
As the prices of digital currencies have risen and media attention has increased, the motivation for malicious parties to exploit this has also increased. Over the past few weeks, there have been a number of attacks aimed at compromising systems to turn them into crypto-miners. In some cases, websites have also been using traffic to their sites to do crypto-mining as well. We have even heard reports of institutional servers being exploited for this same purpose. Here are a couple of links to related articles for reference:
- https://isc.sans.edu/forums/diary/A+Story+About+PeopleSoft+How+to+Make+250k+Without+Leaving+Home/23209/ [1] [January 2018]
- https://arstechnica.com/information-technology/2018/01/hackers-devise-increasingly-sophisticated-attacks-to-mine-cryptocurrency/ [2] [January 2018]
What is CCS Information Security Doing?
In order to protect University systems and data, the Information Security team has been keeping a close watch on the activity in this area. As part of our security monitoring, we have implemented additional monitors to specifically look for digital currency mining activity on our network.
Students, staff, and faculty are reminded to review the University’s Acceptable Use Policy (https://www.uoguelph.ca/ccs/infosec/aup [3]). While it is permissible to use University resources for limited personal use, the AUP explicitly lists the use of IT resources (which includes hardware, software, systems and network) for unauthorized commercial purposes as a violation. In cases where systems are found to be running crypto-mining software on campus, we will investigate it as a security incident.
Questions or concerns can be directly to the Information Security team (infosec@uoguelph.ca).
Written by: Stephen Willem (Manager, Information Security)
Image Source: Freepik [4]