The Hidden Risk of Not Detecting Bitcoin Mining
On June 6th, Forbes reporter Kashmir Hill wrote about an NSF researcher who misused NSF-funded supercomputing resources to mine Bitcoin valued between $8,000 and $10,000. The article points to a student at London Imperial College and a researcher at Harvard University who are also alleged to have used their universities’ computers to mine a similar virtual currency called Dogecoin.
As a CISO, your first reaction might be that inappropriate uses of your organization’s resources should be stopped, but this is most likely not your highest priority. Someone using your computer(s) and network to mine virtual currency is a bit like someone charging his or her electric car from a power outlet on your house. Yes, they are using your electricity without permission or reimbursing you. However, they aren’t stealing something of high value or threatening your life or livelihood. Still, this is something we most likely want to know about and stop if we can.
The typical security products used by organizations aren’t detecting illicit activity like virtual currency mining. Computers mining virtual currencies like Bitcoin or Dogecoin communicate over port 80, which firewalls are configured to permit through. If an organization uses an intrusion prevention system (IPS), those devices can use signatures to detect virtual currency mining. However, not every organization uses an IPS, and not all signatures are always enabled. Since there are thousands of signatures, security teams manage and prioritize them based on business risk to ensure IPS throughput performance. So, even if you have an IPS in your perimeter defenses, it may not be configured to find and stop virtual currency mining.
This raises the question of whether detecting virtual currency mining is important at all. Before answering, it is important to remember that making significant money from mining virtual currency requires a lot of computing cycles. To get these cycles, the person driving the mining process may go to a bot herder who controls thousands of infected computers through a botnet.
If you find a laptop in your organization mining a virtual currency, either the owner of the machine installed the mining software or the software was installed without their knowledge. If it is the former, then you need to worry about what other unsanctioned activity the employee is using the computer for. If it is the latter, then there could be other infected devices in your organization under a bot herder’s control. These infected computers could be used for virtual currency mining today, but tomorrow they could be used for a DDoS attack on a popular search engine, which could cause your IP address to be blacklisted. In the attacker economy, botnets are the original cloud computing, except the bot herder didn’t pay for the computers and the network that he is leasing out.
Our X-series platforms have detected Bitcoin and other virtual currency mining in networks, and the thought process above is one we have seen customers go through. Customers use our product to augment perimeter defenses like firewalls and IPS to identify malware and targeted attacks that have evaded the perimeter, or which were walked through the front door on laptops that are used outside the company firewall.
Getting back to the question of whether it is important to detect Bitcoin mining, not having security that can detect virtual currency mining is an indicator that your defenses may not be ready to detect a targeted attack. It is important to have security systems that detect all malicious behavior and report it in a manner that enables you to find signals amongst the noise, quickly triage, and prioritize your finite resources on the highest risks.
To learn more about how Vectra Networks helps customers quickly detect and triage threats and attacks that evade perimeter defenses, watch Sam Kamran, CISO at Riverbed, talk about his experience. To learn more about how Vectra works, watch a 2-minute demo.