The explosive growth in the price of cryptocurrencies has brought them more attention, and more people want to "mine" cryptocurrencies instead of buying them. In January 2022, 11 departments including the National Development and Reform Commission issued a document to rectify virtual currency mining: listed as an eliminated industry.
Risks of Crypto Mining in a Corporate Environment
There are three main risks of cryptomining software running in your corporate environment:
-
Increased costs : Power consumption is critical to crypto mining. If someone is using your system for mining, they have the potential to increase your system's resource usage to increase calculation speed and thus consume more power.
-
Performance and Availability Issues: While increasing processing (CPU or GPU), your system has fewer resources to allocate to other potentially mission-critical processes. Mining applications are often poorly written and can cause system crashes and disrupt your business services.
-
Use of Vulnerable Tools and Applications: It is common that many software written for crypto mining are poorly developed with little attention paid to security issues. This could lead to malicious parties exploiting vulnerabilities in the software and gaining access to your internal network through those vulnerabilities.
How to detect and prevent mining behavior?
System performance test
There are tons of reasons to perform performance monitoring on your system, one of which is to detect unusual increases in resource usage, which may indicate signs of cryptomining software running on the system. You need to investigate this change and verify that no illegal software is installed or running on your system.
Remember that crypto mining software does not always need to be installed on the system, it can be run as a standalone executable.
DNS Monitoring and Protection
DNS requests are only performed at the beginning of a mining session. Communication between mining client and server usually takes place between 30-100 seconds. According to the SANS Institute, what happens first is a DNS request, followed by TCP communication.
Try blocking domains at the DNS level, not just through a web filtering solution.
Analyzing DNS with Allegro Network Multimeter
Since the Internet is an integral part of almost all organizations and processes, it is essential to ensure trouble-free workflow. Checking and controlling DNS provides a complete view of the "Internet" so that errors can be quickly found and fixed in emergencies. The Allegro network multimeter makes checking the DNS protocol extremely easy.
For example, you can view more statistics about response times, status, frequency of requests, and how often they are answered (or not). No more spending long hours checking pcap for errors. With the Allegro DNS module, the number of searches can be reduced and different DNS statistics can be called directly. DNS analysis can be performed in real time or at selected intervals.
endpoint protection
Use endpoint protection/antivirus software to detect cryptominers. Antivirus companies are getting better at detecting cryptominers, but cryptominers are also constantly changing their techniques to avoid detection on endpoints.
application restrictions
Another good way to combat cryptomining is to limit the applications that can run on your system. You can use software restriction policies to specify which applications are allowed to run on the system. This can be difficult to set up at first because you need to know all the necessary software to run in your environment.
ad blocking
Since cryptojacking scripts are often delivered via online advertisements, installing an ad blocker can be an effective means of stopping them. Some ad blockers have some ability to detect cryptojacking scripts.
Mining detection using ntopng
ntopng3.6 stable version introduces some network mining blacklists, ntopng will mark online mining sites and generate alerts.
