IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Study: Cryptocurrency value spikes encourage more illicit mining

Researchers tracked Modero cryptocurrency and illicit mining for nearly three years

Monero crypto coin on a black background

The amount of illicit cryptocurrency mining closely follows the value of Monero, according to new research. 

According to Talos, security researchers noted that as the value of Monero increased, so did the volume of illicit mining detected in the wild. Researchers chose to track Monero because it is the cryptocurrency of choice among cyber criminals. 

"Monero is a favorite for illicit mining for a variety of reasons, but two key points are: It's designed to run on standard, non-specialized, hardware, making it a prime candidate for installation on unsuspecting systems of users around the world, and it's privacy-focused," said researchers.

Researchers needed to figure out an efficient way to track cryptocurrency mining activity to test their hypothesis. They relied on network-based detections as crypto mining is typically done in the clear — non-encrypted — on the wire and is, therefore, detectable. Researchers said this ensures the crypto-miner is properly installed and functioning since it generates the applicable network traffic.

To track mining detection, they tracked the rate that certain Snort rules targeting crypto miners fired. The researchers tracked Monero activity between November 2018 and June 2021.

“The first thing we noticed is that no matter what, cryptomining is extremely popular. Even at its lowest point, we were seeing millions of events associated with crypto mining activity. We were also floored to see how much mining activity has risen since we first started writing about this in 2018. Today, we see more than double the volume we were observing several years ago,” said Nick Biasini, a threat researcher at Cisco Talos.

Researchers observed that mining activity does have some dependence on the value of the currency.

“The most crypto mining activity we've ever seen has occurred in the last couple of months when Monero hit its all-time high,” said Biasini.

Outside of the short price drop in early 2021 — before the massive spike — the graph tracks almost identically to the value of the currency

Related Resource

Top obstacles and business strategies for digital sellers

This survey reveals both challenges and emerging opportunities in 2021

Woman on laptop in a colourful bubble - whitepaper from AdobeDownload now

“This was honestly a pretty surprising correlation since it's believed that malicious actors need a significant amount of time to set up their mining operations, so it's unlikely they could flip a switch overnight and start mining as soon as values rise,” said Biasini.

“This may still be true for some portion of the threat actors deploying miners, but based on the actual data, there are many others chasing the money.”

With many countries now considering a crackdown on cryptocurrency use, this pattern may quickly change.

“Detection for crypto mining can be spread into a variety of different places including blocking mining-related domains, to enforcing limitations on the end system preventing the mining from starting and lots of network-based detection, which this research is based on,” said Biasini.

Featured Resources

What 2023 will mean for the industry

What do most IT decision makers really think will be the important trends and challenges in the coming year?

Free Download

2022 Magic quadrant for Security Information and Event Management (SIEM)

SIEM is evolving into a security platform with multiple features and deployment models

Free Download

IDC MarketScape: Worldwide unified endpoint management services

2022 vendor assessment

Free Download

Magic quadrant for application performance monitoring and observability

Enabling continuous updating of diverse & dynamic application environments

View Now

Recommended

Uber says compromised third-party to blame for data breach
data breaches

Uber says compromised third-party to blame for data breach

13 Dec 2022
Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine
cyber warfare

Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine

5 Dec 2022
Major security exploits expected to rise before New Year
vulnerability

Major security exploits expected to rise before New Year

1 Nov 2022
Five common data security pitfalls
Whitepaper

Five common data security pitfalls

21 Oct 2022

Most Popular

Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
GTA V vulnerability exposes PC users to partial remote code execution attacks
vulnerability

GTA V vulnerability exposes PC users to partial remote code execution attacks

23 Jan 2023
European partners expect growth this year, here are three ways they will achieve it
Sponsored

European partners expect growth this year, here are three ways they will achieve it

17 Jan 2023