NTT Security Issues Warning About Crypto-Mining Malware

Researchers at NTT Security’s Global Threat Intelligence Center (GTIC) have issued a warning regarding cryptocurrency mining malware in a report published today.

NTT Security has visibility into 40 percent of the world’s internet traffic, and its GTIC has detected approximately 12,000 samples of crypto-mining malware since March of 2015.

Crypto-mining malware infects computers via the same channels as other malicious software.  NTT Security noted that phishing emails were the most common method of transmitting the software.  The software operates by siphoning the host computer’s power and resources to mine digital currency without the rightful owner of the device ever knowing, and with the proceeds from the mining being sent to the creator of the malware.

There is another means by which unsuspecting device owners can have their computer’s power hijacked for the purpose of mining digital currency, and this can be achieved without actually installing any malware on the host computer.  A company known as Coinhive offers a JavaScript-based cryptocurrency miner, which a website can embed in its code to utilize the computing resources of various devices connected to that site to mine virtual currency.

Basically, Coinhive allows websites to silently mine cryptocurrency by utilizing the resources of their users’ computers while they’re connected to the site.  The intention of Coinhive is to offer an alternative revenue generation method to suppliers of digital media who prefer not to rely on advertising as their revenue source.  Despite the benign intentions of Coinhive, the tool they’ve created has the potential to be abused on a massive scale.  NNT Security found that nearly 38,000 websites have Coinhive’s JavaScript miner embedded within their code.

Terrance DeJesus, a threat research analyst at NTT Security, said,

“The use of coin miners will, without a doubt, grow and become more advanced in time, possibly being built into other malware types such as banking Trojans, as well as ransomware. There are serious business implications to ignoring this current threat. We are encouraging all companies to be more vigilant of cybersecurity threats to their business. There are often simple and effective ways to mitigate risks, but too often the most obvious things are overlooked.”

The cryptocurrency of choice to be mined in this manner is Monero (XMR).  The privacy-oriented coin obfuscates transactions on its blockchain, making it impossible to see the addresses and amounts involved, and preventing anyone from tracing the movement of any given XMR.

The Monero blockchain also hides the XMR balances of users, so a public “rich list” is not available.  The opacity of Monero has led to a boom in the popularity of the cryptocurrency on the Dark Web.  The hackers behind the infamous WannaCry cyber attack last year recently converted a large portion of their ill-gotten gains into XMR from BTC.  While the association with criminals has led to a negative public conception of Monero, it also speaks volumes about the coin’s efficacy in maintaining anonymity.

Monero has also shown an exponential growth in price since it debuted in 2014 at $2.45 per coin.  At the time of writing, XMR is valued at roughly $333 per coin, down from its all-time high of $494.16 in December of last year.  This has made Monero not only a completely private store of value but also a financially beneficial one at that, which has encouraged XMR users to hold it for its own sake, rather than to use it solely as a transactional currency.

NTT is recommending that all organizations take the following steps to ensure that their computing resources are not being exploited by crypto-mining malware:

1. Conduct regular risk assessments to identify vulnerabilities in the organization.
2. Adopt a defense-in-depth approach to cybersecurity — i.e. have multiple layers of security in place to reduce exposure to threats.
3. Regularly update systems and devices with the latest patches, and deploy intrusion, detection and prevention systems to stop attacks.
4. Educate employees on how to handle phishing attacks, suspicious email links, and unsolicited emails and file attachments.
5. Proactively monitor network traffic to identify malware infection, and pay close attention to the security of mobile devices.”