Illicit Mining Rigs Commonplace at Universities and Small Businesses
Although crypto mining is dominated by large organizations running at an industrial scale, small covert mining operations have a growing presence. This is revealed in a report from CISCO's Umbrella, a security platform which analyses billions of DNS requests every day to prevent users from connecting to potentially malicious sites.
Mining crypto on campus
The arrival of specialised equipment, mainly in the form of ASIC miners, has meant the only players that can afford to mine most cryptocurrencies profitably are large organisations with access to cheap electricity. With the benefit of economies of scale, these companies can afford to invest in dedicated hardware, and pay for the large amounts of electricity needed to keep it running.
Without cheap electricity, mining is unprofitable for most — and only those with subsidised electricity are able to compete — like Chinese mining firms that rely on abundant hydroelectric power, or college students piggybacking on university networks. At 22 percent, college students represent the second largest group of unwanted miners identified by Cisco.
Most top US colleges, like Stanford, MIT, and Berkeley, now house their own crypto research units, and across the world, 42 percent of the top 50 universities are now offering courses on the topic.
But, Cisco surmise that the bulk of mining on college campuses is not coming from research labs or classrooms, but from the dorms: "You leave [the mining rig] running in your dorm room for four years, you walk out of college with a big chunk of change," said Cisco threat researcher Austin McBride during a talk at RSA. "Mining difficulty for a lot of coins is very high right now—which means it costs more for electricity and internet than the profit you can produce from mining those coins," he added. "If you don't have to pay for those costs, then you are in a really good spot for making money on the university's dime."
Research released this time last year from AI-powered security firm Vectra drew similar conclusions, finding that mining activity occurred one to four times a day at each of the 11 college campuses that were studied.
Vectra, however, gave students the benefit of the doubt — suggesting that they might not be deliberately siphoning off the free electricity, but instead be playing unwitting host to malware stealing their computer's resources: "Students could be watching pirated movies from an untrusted website that is crypto mining using their computer throughout the entire watching session." said Christopher Morales, Head of Security Analytics at Vectra. "Such hacks are difficult to detect and can only be found when they're carried out on a mass scale"
Universities themselves have long been aware of the issue. In January 2018, Stanford posted a warning against crypto mining on campus, citing a surge in the price of bitcoin as leading to "misused university computing equipment", and "personally owned mining devices using campus power."
Businesses hit hard by covert mining
Away from campus, the largest sector hit by uninvited crypto mining is energy and utilities. With businesses in this sector accounting for 34 percent of unwanted mining. Most vulnerable to this threat, the report finds, are firms with under 10,000 employees relying on dated IT infrastructure.
Unlike college campuses, however, this uninvited crypto mining is undertaken remotely, using malware to take advantage of high-bandwidth enterprise networks — a process otherwise known as cryptojacking, which hit headlines last year after a number of attacks on high-profile organisations including the Indian and Australian government.
On the brighter side, once crypto mining activity has been identified, it can easily be prevented. As McBride told BNC, "a lot of Illicit crypto mining can be blocked by adding popular crypto mining pools to your domain block list."
Furthermore, browser-based cryptocurrency mining tool CoinHive, famous for being abused by cryptojackers, has recently ceased operations — citing the recent Monero fork, and the ongoing bear market, as making it impossible to continue.