Crypto mining – the growing energy cyber threat
Illegal crypto mining threats have been on the rise in the UK and US energy sectors, UK headquartered Darktrace has reported in its 2022 sector threat trends review.
Darktrace reports tracking a three-fold increase in the total proportion of crypto mining attacks attempted against its customers in the US energy sector and a thirteen-fold increase in the UK during 2022 compared to 2021.
And the company describes it as “alarming but not surprising”, pointing to the vast OT infrastructures with access to huge supplies of energy that energy suppliers typically have and making them a prime target for energy-hungry crypto-jacking.
It also – like other cyber threats – is a serious insider threat, with employees occasionally using their workplace’s corporate digital infrastructure to mine, sometimes without realising it is illegal to do so.
Have you read?
Digital opportunities to secure Europe’s power supply
How to protect your business from a supply chain cyber-attack
Crypto jacking
Darktrace states that the tools necessary for crypto mining are increasingly accessible, but the energy required has never been more expensive.
While there are many individuals and organisations mining cryptocurrencies legally, the processing power needed and the huge associated energy cost incentivises bad actors to ‘steal’ energy and processing power from other devices and networks.
By secretly using devices belonging to other individuals or organisations to mine cryptocurrencies without their knowledge or consent, i.e. crypto jacking, bad actors can get cryptocurrencies without shouldering the huge energy cost.
This then also provides them with anonymous, untraceable ways in which to transfer and launder money.
Threat stories
As an example of a threat Darktrace cites a mid-March 2022 identification of a likely crypto mining activity within the network of an energy support company operating in Denmark.
Five similar internal servers were seen connecting to IPs associated with suspicious coin miner activities. Each of the devices also used a TCP channel associated with Stratum, a protocol that enables crypto mining pooling, indicating that someone was trying to mass pool these capabilities.
Another was the September 2022 detection of a failed crypto mining incident within the environment of a local US energy provider.
A desktop inside the business repeatedly made unsuccessful DNS connections to a rare ‘nanopool’ mining pool address.
Crypto mining threat
Darktrace says in its report that crypto mining has historically been thought of as a relatively acceptable form of compromise compared with other more overtly destructive cyber attacks like ransomware.
But the damage can be slow, insidious and long-lasting. Aside from slowing down systems and damaging productivity, running rogue software within the digital estate can easily turn into ransomware, data exfiltration or act as an initial entry point for a human-driven attack.
The company also comments that the indicators of crypto jacking can be exceptionally subtle, making them particularly difficult for security teams to spot.
Looking forward, Darktrace notes the extreme volatility of cryptocurrencies and says that if they lose so much value as to be uneconomical for hackers to spend their time and effort mining, even by illegal means, there may be a move away from crypto jacking attacks.
However, despite the dramatic failures of certain coins, cryptocurrencies are still a long way from being valueless and demand remains high.
“Given the usefulness of cryptocurrencies to criminals as an untraceable way to transfer and launder their illegal gains, it’s fair to say crypto jacking won’t be going anywhere yet,” Darktrace concludes in its report, adding that it is a threat that remains largely underestimated by security teams.
