IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Study: Cryptocurrency value spikes encourage more illicit mining

Researchers tracked Modero cryptocurrency and illicit mining for nearly three years

Monero crypto coin on a black background

The amount of illicit cryptocurrency mining closely follows the value of Monero, according to new research. 

According to Talos, security researchers noted that as the value of Monero increased, so did the volume of illicit mining detected in the wild. Researchers chose to track Monero because it is the cryptocurrency of choice among cyber criminals. 

"Monero is a favorite for illicit mining for a variety of reasons, but two key points are: It's designed to run on standard, non-specialized, hardware, making it a prime candidate for installation on unsuspecting systems of users around the world, and it's privacy-focused," said researchers.

Researchers needed to figure out an efficient way to track cryptocurrency mining activity to test their hypothesis. They relied on network-based detections as crypto mining is typically done in the clear — non-encrypted — on the wire and is, therefore, detectable. Researchers said this ensures the crypto-miner is properly installed and functioning since it generates the applicable network traffic.

To track mining detection, they tracked the rate that certain Snort rules targeting crypto miners fired. The researchers tracked Monero activity between November 2018 and June 2021.

“The first thing we noticed is that no matter what, cryptomining is extremely popular. Even at its lowest point, we were seeing millions of events associated with crypto mining activity. We were also floored to see how much mining activity has risen since we first started writing about this in 2018. Today, we see more than double the volume we were observing several years ago,” said Nick Biasini, a threat researcher at Cisco Talos.

Researchers observed that mining activity does have some dependence on the value of the currency.

“The most crypto mining activity we've ever seen has occurred in the last couple of months when Monero hit its all-time high,” said Biasini.

Outside of the short price drop in early 2021 — before the massive spike — the graph tracks almost identically to the value of the currency

Related Resource

Top obstacles and business strategies for digital sellers

This survey reveals both challenges and emerging opportunities in 2021

Woman on laptop in a colourful bubble - whitepaper from AdobeDownload now

“This was honestly a pretty surprising correlation since it's believed that malicious actors need a significant amount of time to set up their mining operations, so it's unlikely they could flip a switch overnight and start mining as soon as values rise,” said Biasini.

“This may still be true for some portion of the threat actors deploying miners, but based on the actual data, there are many others chasing the money.”

With many countries now considering a crackdown on cryptocurrency use, this pattern may quickly change.

“Detection for crypto mining can be spread into a variety of different places including blocking mining-related domains, to enforcing limitations on the end system preventing the mining from starting and lots of network-based detection, which this research is based on,” said Biasini.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

What is cryptocurrency mining?
cryptocurrencies

What is cryptocurrency mining?

27 May 2022
Protecting healthcare from cybercrime
Whitepaper

Protecting healthcare from cybercrime

25 May 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022