How will this invisible threat affect your ability to deliver on your promise to your customers?
More and more of us in the telecom industry are paying attention to the cryptocurrency phenomenon and becoming familiar, if not yet completely comfortable, with the terminology. Depending on how it is described, cryptocurrency can sound like either the hottest trend around or the next financial bubble waiting to burst. Even the experts don’t always agree on which it is.
But even if you aren’t yet jumping on the cryptocurrency bandwagon, there’s a new term associated with the cryptocurrency phenomenon that telecoms ignore at their own peril: cryptojacking. In this article, we’ll give a quick primer on what it is, why it’s a problem, and what telecoms can do about it.
What is Cryptojacking?
You’d have to be hiding on a desert island – one with no Internet connection – not to have heard about cryptocurrencies like Bitcoin, Ethereum, Monero, and others, so we’re going to assume that everyone has at least a basic understanding of what they are.
Many of you probably also have a solid understanding of blockchain, the digital ledger in which cryptocurrency transactions are recorded. If you want a refresher, refer to our recent post: How Blockchain Will Impact the Telecoms Industry.
To understand cryptojacking, we first need to look at the concept of cryptomining. Remember, one of the aspects of cryptocurrency that makes it different from a traditional currency is that it (mostly) sidesteps the world’s financial institutions. Cryptocurrency blockchains are run by independent “miners” who use their computing power to process transactions and are then paid in cryptocurrency.
As cryptocurrencies go up in value, the amount of money that can be made mining these currencies rises as well, making it an attractive business opportunity. The hardware, software, and cabling required to become a cryptominer can be purchased online for anywhere from several hundred dollars to several thousand. Cryptomining businesses and consortiums are even starting to crop up.
To be clear, cryptomining is not a crime, but like all potentially lucrative activities, it has a darker side that attracts the criminal element. Instead of using their own processing power, cryptojackers hijack CPU cycles they don’t own to mine for cryptocurrency.
An Under-reported Problem
Cryptomining malware is becoming increasingly common. Check Point included it on their February 2018 list of the Top Ten Most Prevalent Malware, saying that 42% of organizations worldwide had been infected. McAfee reported that Coin Miner, one particular cryptomining malware variant, had grown 629% in the first quarter of 2018.
However, cryptojacking may be one of the most under-reported cybercrimes today. That’s because cryptojackers try to stay under the radar as much as they can so they can continue to use stolen CPU cycles. To avoid detection, they don’t typically use 100% of any given system’s CPU power, so the users of that system might experience an incident of cryptojacking as their systems “running unusually slow today.” Or cryptominers might use processing cycles during the business’s off hours when a decrease in performance is less likely to be noticed.
Cryptojackers can even infect websites in what’s been called “drive-by cryptojacking” where they use CPU cycles of anyone accessing the site. The company that owns the site never notices the difference, and those who access the site just assume it is either poorly written or experiencing an unusual amount of traffic. Depending on how patient the visitor is and how important they deem the site, they’ll either put up with the slow service, contact the company in a different (and probably more expensive) way, or leave to find another provider. While website performance can cost a company revenues as well as reputation, the incident is rarely identified as a potential cryptojacking incident.
In addition, cryptojackers don’t yet seem as interested in stealing data as other types of cybercriminals, so for the business concerned with data theft or downtime, concerns over cryptojacking take a back seat to other types of threats such as ransomware and distributed denial of service (DDoS) attacks.
A Real Headache for Telecoms
Like many of today’s fast-moving industries, telecoms are systems-intensive businesses, and system performance has an impact on customer experience. These businesses regularly update hardware and software to improve performance for their users. When cryptojackers steal CPU cycles from the business, they are essentially stealing the company’s reputation and customer satisfaction.
System performance issues also have implications for telecoms that provide contracted services with clear service level agreements. A sudden cryptomining malware injection might cause service levels to slip below contracted levels, setting off a series of financial penalties or concessions.
As if that wasn’t bad enough, cryptojacking can prevent the company from meeting some of its other key objectives. For example, decreasing power consumption, either to lower costs or to contribute to a reduction in CO2 emissions, is a strategic objective for many. IT systems draw more power than pretty much anything else in the business, and unauthorized use, especially at the sustained levels required for cryptojacking, eats up power quickly. If, despite your best efforts, power consumption continues to rise, cryptojacking could be part of the problem.
Finally, cryptojacking means your systems are running longer than usual – in some cases, almost non-stop. This increases wear and tear, requiring equipment to be repaired or replaced ahead of schedule and increasing CapEx and OpEx.
The ability to fly under the radar is what makes cryptojacking so potentially damaging. We’ve probably all heard stories of employees that embezzle thousands of dollars by stealing it one penny at a time from thousands of accounts over many years. A few cents missing here, a few cents missing there go unnoticed, but eventually, it starts to add up to real money.
It’s even more difficult to translate stolen CPU cycles into actual dollars, so we don’t see the losses on the bottom line. Instead, we throw more money at the problem, adding equipment or upgrading hardware, thinking our current systems are out of date when the problem isn’t our systems at all.
How Telecoms Can Prevent Cryptojacking
Thankfully, the technology needed to prevent cryptojacking is already on the market. In fact, many of these strategies are just old-fashioned common sense in the world of IT security.
Educate your employees – Phishing is one of the most common ways to inject cryptomining malware (or any other type of malware) into a system. According to the 2018 Verizon Data Breach Investigations Report, 4% of people will still click on any given phishing campaign. Continue to educate your employees to be cautious about opening suspicious emails and to avoid clicking on links from people they do not know.
Keep systems patched – While cryptomining may not be making headline news, hardware and software companies are aware of the threat. Installing the most current patches from your vendors can strengthen your defenses.
Update your anti-virus applications – It goes without saying that anti-virus and anti-malware applications are a vital element of your defense against cryptomining. Not only can they prevent malware from entering your systems, but installing the latest versions can also help catch any of the newer variants that might have slipped through.
Monitor your systems – Like other cybercriminals, those who create cryptomining malware are always updating their techniques to stay one step ahead of IT security professionals. Keep an eye out for unusual spikes in CPU usage and power consumption levels to detect evidence of cryptojacking in your organization.
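One way to act on the monitoring advice above, shown as an added example that is not part of the original article: compare each host's off-hours CPU against its own historical baseline and flag sustained elevation, since the load described earlier tends to stay below 100% and favour quiet hours. The host names, sample values, quiet-hours window and thresholds are all constructed assumptions.

```python
from statistics import median

# Assumed quiet window (local time); adjust to the business's real off hours.
OFF_HOURS = set(range(0, 6)) | {22, 23}

def off_hours_baseline(history):
    """Median off-hours CPU % from past (hour, cpu_pct) samples."""
    vals = [cpu for hour, cpu in history if hour in OFF_HOURS]
    return median(vals) if vals else None

def longest_elevated_run(samples, baseline, margin):
    """Longest streak of consecutive off-hours samples above baseline + margin."""
    best = run = 0
    for hour, cpu in samples:
        if hour in OFF_HOURS and cpu > baseline + margin:
            run += 1
            best = max(best, run)
        else:
            run = 0  # a normal or business-hours sample breaks the streak
    return best

def flag_hosts(history_by_host, today_by_host, margin=25.0, min_run=4):
    """Hosts whose off-hours CPU stayed well above their own baseline."""
    flagged = {}
    for host, today in today_by_host.items():
        baseline = off_hours_baseline(history_by_host.get(host, []))
        if baseline is None:
            continue  # no history yet, so nothing to compare against
        run = longest_elevated_run(today, baseline, margin)
        if run >= min_run:
            flagged[host] = {"baseline": baseline, "run": run}
    return flagged

def day(off_cpu, busy_cpu):
    """Constructed day of hourly samples as (hour, cpu_pct) pairs."""
    return [(h, off_cpu if h in OFF_HOURS else busy_cpu) for h in range(24)]

# Constructed sample data: three past days of history, then today's readings.
HISTORY = {
    "billing-01": day(8, 55) + day(10, 60) + day(9, 58),
    "portal-02": day(12, 70) + day(11, 65) + day(13, 72),
}
TODAY = {
    "billing-01": day(9, 57),   # normal quiet night
    "portal-02": day(60, 71),   # sustained 60% overnight, never near 100%
}

if __name__ == "__main__":
    for host, info in flag_hosts(HISTORY, TODAY).items():
        print(f"{host}: baseline {info['baseline']}%, elevated for {info['run']} samples")
```

A fixed "alert at 95% CPU" rule would miss the second host entirely; comparing against the host's own quiet-hours baseline is what surfaces it.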
While you might think most organizations have these four strategies covered, the 2018 Verizon Data Breach study found that in 68% of data breaches months passed before the breach was discovered. Clearly, organizations haven’t quite developed the vigilance needed to combat today’s cybercriminals. Furthermore, because cryptominers employ a stealthy approach, the average time-to-detection is sure to increase as more and more cybercriminals discover they can make money stealing CPU cycles from under the noses of their victims.