The amount of illegal cryptocurrency mining closely tracks Monero’s value, new research shows.
According to Talos security researchers, as the value of Monero increased, so did the volume of illicit mining detected in the wild. The researchers chose to follow Monero because it is the cryptocurrency of choice among cybercriminals.
“Monero is a favorite for illicit mining for a variety of reasons, but two key points are: it’s privacy-focused,” the researchers said.
The researchers needed an efficient way to track cryptocurrency mining activity to test their hypothesis. They relied on network-based detections, as crypto mining is typically done in the clear (unencrypted) over the wire and is therefore discoverable. The researchers said that this ensures that the crypto-miner is properly installed and functioning, since it is generating the applicable network traffic.
To track mining detections, they measured the trigger rate of certain Snort rules targeting crypto miners. The researchers tracked Monero’s activity between November 2018 and June 2021.
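The network-based approach described above, sketched as an added example that is not code from Talos or the original article. It assumes miners speak the newline-delimited, Stratum-style JSON-RPC dialect common to Monero pools (the article does not name the protocol); the function names and sample payloads are constructed for illustration.

```python
import json
from collections import Counter

# Assumption: miners speak the Stratum-style JSON-RPC dialect common to Monero
# pools (newline-delimited JSON); the article does not name the protocol.
def mining_indicators(payload: bytes) -> list:
    """Return mining indicators found in one cleartext TCP payload."""
    hits = []
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue  # TLS records and other binary data are not JSON objects
        try:
            msg = json.loads(line)
        except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
            continue
        if not isinstance(msg, dict):
            continue
        method = msg.get("method")
        params = msg.get("params") if isinstance(msg.get("params"), dict) else {}
        result = msg.get("result")
        if method == "login" and "login" in params:
            hits.append("miner-login")
        elif method == "submit" and {"job_id", "nonce", "result"} <= params.keys():
            hits.append("share-submit")
        elif method == "job" and {"blob", "target"} <= params.keys():
            hits.append("pool-job")
        elif isinstance(result, dict) and isinstance(result.get("job"), dict):
            hits.append("login-reply-job")
    return hits

def daily_trigger_counts(records) -> dict:
    """Count payloads per day that raised at least one indicator."""
    return dict(Counter(day for day, payload in records if mining_indicators(payload)))

# Constructed sample traffic: (capture date, TCP payload). Not real captures.
SAMPLE = [
    ("2021-05-01", b'{"id":1,"jsonrpc":"2.0","method":"login","params":'
                   b'{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"example-miner/1.0"}}\n'),
    ("2021-05-01", b'{"jsonrpc":"2.0","method":"job","params":'
                   b'{"blob":"00ab","job_id":"7","target":"b88d0600"}}\n'),
    ("2021-05-02", b'{"id":2,"jsonrpc":"2.0","method":"submit","params":'
                   b'{"id":"s1","job_id":"7","nonce":"0a0b0c0d","result":"ff00"}}\n'),
    ("2021-05-02", b'{"id":9,"method":"login","params":["alice","pw"]}\n'),  # other JSON-RPC app
    ("2021-05-02", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # start of a TLS record
]

if __name__ == "__main__":
    print(daily_trigger_counts(SAMPLE))
```

The TLS-wrapped payload produces no indicator, which is why this style of measurement only counts miners that talk to their pool unencrypted.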
“The first thing we noticed is that regardless, cryptomining is extremely popular. Even at its lowest point, we were seeing millions of events associated with crypto mining activity. We have also been amazed at how much mining activity has increased since we started writing about it in 2018. Today we are seeing more than double the volume we saw several years ago,” said Nick Biasini, threat researcher at Cisco Talos.
The researchers observed that mining activity depends to some extent on the value of the currency.
“The biggest cryptocurrency mining activity we’ve ever seen has happened in the past two months when Monero hit its all-time high,” Biasini said.
Apart from the short-term price decline in early 2021 – before the massive peak – the chart almost identically tracks the value of the currency.
“Honestly, this was a pretty surprising correlation, as it is believed that malicious actors take a long time to set up their mining operations, so it is unlikely that they will be able to flip a switch from one day to the next and start mining as soon as the values increase,” said Biasini.
“This may still be true for some of the threat actors who deploy miners, but based on real data, there are plenty more chasing money.”
With many countries now considering a crackdown on cryptocurrency use, that pattern could quickly change.
“The detection of cryptocurrency mining can be extended to various places, including blocking mining-related domains, applying limitations on the end system preventing mining from starting, and many network-based detections, on which this research is based,” Biasini said.