Q&A: How crypto jackers drain computing power from business networks

By Byron V. Acohido

Messaging security firm Proofpoint has been tracking botnet activity as closely as security vendor.  One recent development is the deployment of  botnets for hire, such as Necurs, towards illicit crypto mining, or crypto-jacking.

Related article: Crypto jacking spreading faster than ransomware

This silent stealing of corporate computing resources may seem somewhat benign compared to ransomware campaigns or Distributed Denial of Service attacks. In actuality, the harm is material, and this attack development is in a nascent stage.

Last Watchdog asked with Kevin Epstein, Proofpoint’s vice president of threat operations, to frame the impact for businesses.

LW: What precisely is the harm caused to my business, if several of my servers are corrupted and directed to cryto-mining?


Epstein: The primary risk is reduced performance and availability on potentially mission-critical systems like Active Directory infrastructure, web servers, database servers, etcetera.

LW: Does this type of bot activity noticeably drain performance? Or are they stealthily distributed?

Epstein: It depends on the existing workloads and performance of the infected systems. High-performance servers with low to moderate workloads may not experience noticeable impact while older servers with higher utilization are most likely to suffer noticeable impacts.

LW: Will the victim companies even know what’s going on?

Epstein:  This will likely depend on the impact the company experiences. However, organizations can detect C&C communications via network intrusion detection systems (IDS) and unusual use of Windows Management Interface (WMI) via a number of endpoint management tools.

LW: How do you expect this threat to evolve over the next few months?

Epstein: We can only speculate, but we may see that as easily-mined cryptocurrencies emerge, threat actors will shift to newer cryptocurrencies as they did from Bitcoin to Monero. We have also observed upticks in cryptocurrency-related threats corresponding to spikes in value.


Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone