Opinion piece from Richard Meeus, Security Technology and Strategy Director at Akamai
Coin-mining malware isn’t a new threat. Although it has received increased attention over recent months following the fluctuations in the value of bitcoin and other digital currencies, it has roots dating back to 2011. The term ‘coin-mining malware’ is used to refer to malware that malicious actors use to install coin miners onto users’ systems, enabling them to utilise the compromised systems’ computing resources for their own financial gain. The rise of cryptocurrency value has resulted in malicious actors doing whatever it takes to achieve capital gain.
Coin mining isn’t always illegal. In fact, in our recent SOTI Security Report, we highlighted a growing trend for publishers to offer web visitors content in exchange for processing capacity for coin mining – similar to the SETI initiative, where people can donate access to underused CPU capacity. And, of course, if someone is using their own devices to mine for coins, that can be perfectly legitimate. What is far more problematic is coin miners illegally using malware to infect other people’s devices, co-opting their processing power and diverting it to manage bitcoin transactions and mine coins. This means that the infected device may not have the available memory to complete the activities that have been designated to it at the speed that it otherwise might or, in extreme circumstances, that it can slow down to the point where it is unusable. It also means that the victim is paying what is typically a substantial electricity bill needed to power the devices.
A proactive approach is key when it comes to blocking requests to malware and ransomware drop sites. The way to do this is to block malicious payloads by scanning requested files and web content in real time, stopping threats before they reach and compromise endpoint devices and improving zero-day protection.
There are several ways a business can protect its systems and data. At Akamai, we have developed various forms of threat mitigation and have built out an entire threat research team to study the behaviour of these hazards. Akamai is continuously working to assess and track threats like coin mining to add protections to our Enterprise Threat Protector offering, our cloud-based threat protection solution. This solution ensures all requested domains are checked against real-time domain risk scoring threat intelligence. Users are proactively blocked from accessing malicious domains and services, while requests to safe domains and services are resolved. This solution is also powered by real-time threat intelligence based on Akamai’s unprecedented global insights into Internet and Domain Name System (DNS) traffic, which enables this process to happen seamlessly.
Effectively, our platform is constantly learning what the threats are and where they come from so that we can intervene and block attempts to push malware to devices.
When considering a solution to cryptocurrency mining, companies should focus on minimising security management time and complexity. This is achievable by reducing false positive security alerts, decreasing alerts from other security products, and administering security policies and updates from anywhere in seconds to protect all locations.
The complications and complexities of security control points, and the security gaps in legacy solutions, have to be managed. It is important to introduce solutions that ensure users and devices can securely connect to the Internet wherever they happen to be, without the intricacy associated with other legacy security solutions.