Cryptocurrency Mining

Signs of Cryptocurrency Mining

  • An internal host is mining units of a cryptocurrency; Bitcoin, Litecoin, Ethereum and Monero are among the most common (Ethereum has not been mineable since its 2022 move to proof of stake, and Monero is the usual choice for malware because it can be mined profitably on ordinary CPUs)
  • Cryptocurrency mining is a common way for botnet operators to make money
  • Communication with the mining pool may use HTTP or the Stratum mining protocol, a line-delimited JSON-RPC exchange carried over a raw TCP connection, commonly to pool ports such as 3333 or 4444
  • The threat score is driven by the rate at which mining activity is performed: the more solved work (shares) the host submits to the pool in a given time, the higher the score
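The network-side check behind the signs above, as an added example (not the page's own code or the vendor's detection logic): it recognises Stratum and getwork-style JSON-RPC in outbound payloads and scores each internal host by its share-submission rate. The flow records are constructed for the example, the method names are those used by Stratum v1 pools, the login-style Stratum variant of Monero miners and the Ethereum getwork RPCs, and the 0-100 scoring scale is this example's own assumption.

```python
"""Spot mining-pool traffic in flow records and score hosts by share rate.
Example code, not part of the original page."""
import json
from collections import defaultdict
from dataclasses import dataclass

# JSON-RPC method names used by Stratum v1 (Bitcoin/Litecoin pools), by the
# login-style Stratum variant of Monero miners such as XMRig, and by the
# HTTP getwork-style calls of Ethereum miners.
MINING_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.notify",
    "mining.set_difficulty", "mining.submit",
    "login", "job", "submit", "keepalived",
    "eth_getWork", "eth_submitWork", "eth_submitHashrate",
}
# Messages that return a solved share to the pool; how often they occur is
# the rate the threat score is based on.
SHARE_METHODS = {"mining.submit", "submit", "eth_submitWork"}


@dataclass
class Flow:
    ts: float      # seconds since epoch
    src: str       # internal host
    dst: str       # external peer
    dport: int
    payload: str   # first application-layer message sent by src


def extract_rpc(payload: str):
    """Return the JSON-RPC object in a raw Stratum line or an HTTP POST body,
    or None when the payload is neither."""
    text = payload
    if payload.startswith("POST "):
        # HTTP: the JSON body follows the blank line that ends the headers.
        _, _, text = payload.partition("\r\n\r\n")
    try:
        msg = json.loads(text.strip())
    except ValueError:
        return None
    return msg if isinstance(msg, dict) else None


def mining_method(payload: str):
    """Name of the mining RPC method carried by the payload, or None."""
    msg = extract_rpc(payload)
    if msg is None:
        return None
    method = msg.get("method")
    return method if method in MINING_METHODS else None


def score_hosts(flows, window_s: float = 60.0):
    """Map each internal host that spoke a mining protocol to its observed
    methods, share rate (shares per minute) and a 0-100 threat score.

    Scale assumed for this example: 10 points per share per minute, capped
    at 100, with a floor of 10 for a host that completed a pool handshake
    but has not submitted shares yet."""
    seen = defaultdict(lambda: {"methods": set(), "shares": []})
    for flow in flows:
        method = mining_method(flow.payload)
        if method is None:
            continue
        seen[flow.src]["methods"].add(method)
        if method in SHARE_METHODS:
            seen[flow.src]["shares"].append(flow.ts)

    scored = {}
    for src, info in seen.items():
        shares = sorted(info["shares"])
        # Rate over the observed span, never over less than one window, so a
        # single share does not look like an enormous rate.
        span = max(shares[-1] - shares[0], window_s) if shares else window_s
        rate = len(shares) * 60.0 / span
        score = min(100, max(10, round(rate * 10)))
        scored[src] = {"methods": info["methods"], "shares_per_min": rate, "score": score}
    return scored


# Constructed sample flows (not real captures): 10.0.0.5 mines Monero via
# login-style Stratum, 10.0.0.9 mines via Stratum v1, 10.0.0.12 only fetches
# Ethereum work over HTTP, and 10.0.0.20 is ordinary JSON-RPC and SSH.
SAMPLE_FLOWS = [
    Flow(0, "10.0.0.5", "203.0.113.10", 3333,
         '{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_ADDRESS","pass":"x","agent":"XMRig/6.0"}}\n'),
] + [
    Flow(10 * i, "10.0.0.5", "203.0.113.10", 3333,
         '{"id":%d,"jsonrpc":"2.0","method":"submit","params":{"id":"1","job_id":"j","nonce":"00","result":"ab"}}\n' % (i + 1))
    for i in range(1, 7)
] + [
    Flow(0, "10.0.0.9", "198.51.100.7", 4444, '{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}\n'),
    Flow(1, "10.0.0.9", "198.51.100.7", 4444, '{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'),
] + [
    Flow(5 * i, "10.0.0.9", "198.51.100.7", 4444,
         '{"id":%d,"method":"mining.submit","params":["worker1","job","00","5e","1a"]}\n' % (i + 3))
    for i in range(0, 25)
] + [
    Flow(0, "10.0.0.12", "192.0.2.44", 8545,
         'POST / HTTP/1.1\r\nHost: 192.0.2.44\r\nContent-Type: application/json\r\n\r\n'
         '{"jsonrpc":"2.0","method":"eth_getWork","params":[],"id":1}'),
    Flow(0, "10.0.0.20", "192.0.2.80", 443,
         'POST /api HTTP/1.1\r\nHost: 192.0.2.80\r\n\r\n{"jsonrpc":"2.0","method":"getBalance","id":7}'),
    Flow(0, "10.0.0.20", "192.0.2.81", 22, "SSH-2.0-OpenSSH_9.4\r\n"),
]

if __name__ == "__main__":
    for host, info in sorted(score_hosts(SAMPLE_FLOWS).items()):
        print(f"{host}: score={info['score']} shares/min={info['shares_per_min']:.1f} "
              f"methods={sorted(info['methods'])}")
```

Run as a script it lists the three mining hosts; the benign JSON-RPC client is not reported because its method name is not a mining call, which is the check that keeps ordinary API traffic out of the detection. Stratum over TLS (stratum+ssl) hides the payload, so in that case only the destination, port and connection persistence remain as evidence.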

Why Attackers Are Mining Cryptocurrencies

  • An infected host is mining cryptocurrency for its bot herder
  • Some mining runs in the user's browser as a side effect of visiting compromised or low-reputation websites; a script in the page mines only while the page is open, so the host itself may carry no malware
  • The user of the host has installed mining software deliberately and is making money with your organization's systems, power and network resources

Business Impact of Cryptocurrency Mining

  • Botnet activity presents several risks to the organization: (1) it creates noise that may hide more serious issues; (2) your organization's IP addresses may end up on blocklists; and (3) the compromised host can be instructed at any time to attack the organization directly
  • If the user of the host intentionally installed cryptocurrency mining software, the risk may be minimal, though such a user may also be prone to installing other “money making” software which may not prove to be as benign

How to Investigate Signs of Cryptocurrency Mining

  • If the user intentionally installed the mining software, decide whether it should be removed
  • If the user did not install it, the host is likely infected and part of a botnet that performs “silent mining”; before cleaning, record the pool address and wallet from the miner's configuration or command line so the pool can be blocked at the perimeter and other hosts checked for the same destination
  • If the activity comes from a browser tab rather than an installed program, closing the tab ends it; otherwise use anti-virus software or reimage the host to remove the malware, and look for how the miner arrived, since the same foothold can deliver other payloads
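The host-side triage that answers the first two questions above, as an added example (not the page's own code): it picks candidate miner processes out of a process listing and a socket table and records the clues that separate a miner the user installed from silent mining by malware. The listings are constructed for the example, and the miner names, pool URL schemes, pool ports, CPU threshold and directory heuristics are this example's own assumptions rather than a definitive indicator set.

```python
"""Triage a host flagged for mining: find miner processes and note whether
each looks user-installed or dropped by malware. Example code, not part of
the original page; indicator lists and thresholds are assumptions."""
import os
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed indicators: binary names of common miners, pool URL schemes seen on
# miner command lines, and ports pools commonly listen on (not exhaustive).
MINER_NAMES = {"xmrig", "minerd", "cpuminer", "ethminer", "cgminer",
               "bfgminer", "nbminer", "t-rex", "lolminer"}
POOL_URL = re.compile(r"stratum2?\+(tcp|ssl)://", re.IGNORECASE)
POOL_PORTS = {3333, 3334, 4444, 5555, 7777, 9999, 14444}
CPU_HOT = 50.0  # percent; a miner pins the CPU, an idle application does not
# Droppers like temp, shared-memory and hidden directories; a user who installs
# a miner on purpose usually leaves it under their own home directory.
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/.")

@dataclass
class Process:
    pid: int
    user: str
    cpu: float
    cmdline: str

@dataclass
class Conn:
    pid: int
    peer: str
    port: int

@dataclass
class Finding:
    pid: int
    cmdline: str
    reasons: list = field(default_factory=list)
    likely_intentional: bool = False

def parse_ps(text: str):
    """Parse `ps -eo pid,user,%cpu,args` output; the header line is skipped."""
    procs = []
    for line in text.strip().splitlines():
        pid, user, cpu, cmd = line.split(None, 3)
        if pid.isdigit():
            procs.append(Process(int(pid), user, float(cpu), cmd))
    return procs

def parse_ss(text: str):
    """Parse the ESTAB lines of `ss -tnp` output into (pid, peer, port)."""
    conns = []
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields or fields[0] != "ESTAB":
            continue
        peer_ip, _, peer_port = fields[4].rpartition(":")
        pid = re.search(r"pid=(\d+)", line)
        if pid:
            conns.append(Conn(int(pid.group(1)), peer_ip, int(peer_port)))
    return conns

def triage(procs, conns):
    """Return a Finding for every process that looks like a miner."""
    conns_by_pid = defaultdict(list)
    for c in conns:
        conns_by_pid[c.pid].append(c)
    findings = []
    for p in procs:
        exe = p.cmdline.split()[0]
        reasons = []
        if os.path.basename(exe).lower() in MINER_NAMES:
            reasons.append("known miner binary")
        if POOL_URL.search(p.cmdline):
            reasons.append("pool URL on command line")
        pool_peers = [f"{c.peer}:{c.port}" for c in conns_by_pid[p.pid] if c.port in POOL_PORTS]
        if pool_peers and p.cpu >= CPU_HOT:
            reasons.append("high CPU with connection to pool port " + ", ".join(pool_peers))
        if not reasons:
            continue
        # Heuristic only: it frames the "did the user install this?" question,
        # it does not answer it; confirm with the user and the install history.
        intentional = (p.user != "root"
                       and exe.startswith(f"/home/{p.user}/")
                       and not any(d in exe for d in SUSPICIOUS_DIRS))
        findings.append(Finding(p.pid, p.cmdline, reasons, intentional))
    return findings

# Constructed sample listings (not from a real host). The process named
# kswapd0 under /dev/shm imitates a kernel thread; only its CPU use and its
# pool connection give it away.
SAMPLE_PS = """\
 PID USER     %CPU COMMAND
   1 root      0.0 /sbin/init
 812 alice     2.1 /usr/lib/firefox/firefox
1443 alice    97.5 /home/alice/xmrig-6.21.0/xmrig -o stratum+tcp://pool.example:3333 -u WALLET_ADDRESS
2090 bob      99.0 /dev/shm/.x/kswapd0 -c /dev/shm/.x/config.json
2211 www-data 88.0 /usr/sbin/apache2 -k start
"""
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:51234 203.0.113.10:3333 users:(("xmrig",pid=1443,fd=7))
ESTAB 0 0 10.0.0.5:51240 198.51.100.7:14444 users:(("kswapd0",pid=2090,fd=5))
ESTAB 0 0 10.0.0.5:51250 192.0.2.80:443 users:(("apache2",pid=2211,fd=9))
"""

if __name__ == "__main__":
    for f in triage(parse_ps(SAMPLE_PS), parse_ss(SAMPLE_SS)):
        kind = "user-installed?" if f.likely_intentional else "likely malware"
        print(f"pid {f.pid} [{kind}] {f.cmdline}\n  " + "\n  ".join(f.reasons))
```

The busy web server is not reported even though its CPU is high, because a connection to port 443 is not a pool connection; the disguised process is reported on the pool connection alone. Either way the pool peer and the wallet on the command line are the values to keep before the host is reimaged.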
