Bitcoin value has been steadily climbing over the last year. Between March 2022 and November 2022, Bitcoin prices crashed from over $47,000 to around $16,000, however rising investor confidence has pushed Bitcoin back up over the $35,000 mark in October 2023. As Bitcoin’s value goes up, so does the interest in cryptomining.
“You see an increase in criminal activity whenever the price of anything increases. When the price of copper goes up, criminals strip vacant buildings of any they can find; when the price of metals found in catalytic converters increases, cars get vandalized,” says Craig Burgess, a cybersecurity expert in Phoenix. “So, when Bitcoin prices go up, powerful computers become targets again.”
Businesses to keep an eye on
As ransomware attacks have fallen or leveled off, cryptojacking attacks are up almost 400 percent this year. Burgess advises managed service providers (MSPs) with clients that might be targeted, to make sure computers are not easy targets. Some businesses are more vulnerable than others. Schools, for instance, often have plentiful computing power that is often unused in the evenings and nights. “When Bitcoin goes up, a school campus full of computers is a ripe target,” Burgess says. Ethereum’s value has also increased, further making cryptomining lucrative.
Another type of business often targeted by cryptojackers includes architecture and engineering firms. These entities often have computers with powerful GPUs used for 3D modeling and graphic design. “A powerful GPU sitting there unused is a tempting target for a miner,” Burgess warns. And cryptojackers are evolving and coming up with new tools to start their mining operations.
Cybercriminals are leveraging a legitimate Windows tool called ‘Advanced Installer to infect the computers of graphic designers with cryptocurrency miners. The attackers promote installers for popular 3D modeling and graphic design software such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, likely through black hat search engine optimization techniques.
Burgess says it appears that cryptocurrency criminals are learning from earlier mistakes. Some methods that are being used cap GPU power usage at 75 percent and pause mining if the temperature reaches 70 degrees Celsius.
“This methodology makes the cryptomining more difficult to detect,” Burgess says. That is until the hijacked entity gets its electric bill. “If a cryptominer successfully commandeers your client’s computer network, the client will see a huge increase in their power bill,” Burgess says.
When prices fall, so does diligence
“We have noticed that over the past year, when Bitcoin prices plunged and cryptominers moved on to other projects, so did many MSPs. Preventing cryptojacking was moved down the list as ransomware and other crimes became more prevalent,” Burgess notes.
The combination of higher Bitcoin prices and lax security has made mining more accessible for the bad guys. “And while some people may view cryptojacking as harmless, you wouldn’t think so once you get the electric bill,” he says.
Worldwide cryptomining uses a lot of energy, more than some countries. And a single Bitcoin transaction takes about 1,449 kWh to complete, or the equivalent of approximately 50 days of power for the average US household. According to CNET, a single Bitcoin transaction would generate an energy bill of $173. “That doesn’t sound like a lot, but when cryptojackers take over many computers in a single business that can add up fast,” Burgess warns.
Signs you are being visited by cryptominers
Even without a formal plan in place to detect cryptojacking, there is plenty that can be done. “Monitor your CPU usage. Cryptominers use a lot of CPU power, so if you notice that your CPU usage is consistently high, even when you’re not running any demanding programs, it’s possible that you’re being cryptojacked,” Burgess says.
And if you are noticing overheating computers that typically don’t get so hot, that could be a sign that cryptojackers have set up shop.
Network traffic is also a potential warning.
“Cryptominers also send and receive a lot of network traffic, so if you notice that your network traffic is unusually high, it’s another sign that you may be being cryptojacked.” Educate staff and workers to spot suspicious processes. “If you open your task manager and see any processes that you don’t recognize or that have names that sound like they might be related to cryptomining, a deep dive is probably a good idea,” Burgess shares. Updating security software, if in the budget, can go a long way to preventing cryptojacking. “There is a lot of great off-the-shelf software now that has anti-cryptojacking protection, which can help detect and block cryptomining malware.”
In the meantime, Burgess recommends MSPs to patch vulnerabilities, upgrade software, educate users, and watch Bitcoin prices. “The higher Bitcoin prices go, the more lucrative it becomes to cybercriminals, and they’ll continually try to find ways to use unused GPU sitting around.”
Photo: Zakharchuk / Shutterstock