Could Your Network Be Mining Bitcoin or Launching a DDoS Attack?

Botnets illegally mining bitcoin on someone else’s dime are not as prevalent as they were a few years ago; however, such incidents continue to happen. One Roman bank recently discovered that hackers had tapped into its network to produce bitcoins for free. Network security that includes detection, such as security information and event management (SIEM) software, and early reporting capabilities can help prevent intrusions and other unwanted activities.

When bitcoin started, the best way to get one was to mine it. At its most basic, mining bitcoins means applying computer power to quickly solve a lot of math problems—the quicker the better. Early on, a common personal computer could do a reasonable job of producing a bitcoin. Now the ordinary PC doesn’t have the computing power to run the SHA-256 hashing involved at any reasonable speed.

Too expensive to mine bitcoins

Today miners can buy application-specific integrated circuits (ASICs)—essentially specialized computers—to perform this function. The problem is that such machines, though small, still consume too much power for the amount of bitcoin produced. It would be helpful for miners to have free electricity, as in this case where a miner had access to his dad’s Austrian power plant.

Since most miners must pay for electricity, they need ASICs that run as efficiently as possible. Measured by the number of hashes performed per second divided by power use, Bitmain’s Antminer S7, an ASIC bitcoin mining processor, gets excellent reviews for its energy efficiency. The Antminer S7 uses the Bitmain BM1385 chip, customized specifically to build and mine the currency. It can attain a 32.5 gigahash per second hash rate with a power consumption of 0.216 watts per gigahash per second.

On Amazon the Antminer S7 goes for $1,100, an important consideration when evaluating mining costs.

Using a bitcoin calculator, I ran the Antminer S7 numbers, factoring electricity at 12 cents per kilowatt-hour. Without any foreseeable hitches, it would take 69 days to generate one bitcoin, worth $444 as of this writing. Considering electricity and hardware costs, the breakeven point is 425 days. Click here to see the calculations.

Processing power is only half the battle in mining bitcoins. It also has to be combined with energy efficiency. Given this kind of ROI and the rising cost of utilities, bitcoin currency is getting more difficult to mine.

Not worth the effort

McAfee stated in a threat report that the risk-to-reward ratio no longer offered a sufficient payoff for hackers building or buying botnets to mine bitcoin, even when using stolen resources. An ever-increasing number of machines needed to be hacked, so a payout was less likely. The report stated that botnets create a “much greater and more noticeable presence or footprint of the bot on the infected machines.” And once it’s discovered, it will be removed by network admins.

However, that hasn’t lately deterred cybercriminals looking for a free ride to lower their mining costs through illegal workarounds.

In the case of the bank in Rome, it took working with Darktrace, a U.K. company offering cyber security threat detection, to isolate the activity and detect that one of its servers was sending a stream of data to unknown networks.

Leveraging networks illegally

In yet another network workaround, white hat hackers Rob Ragan and Oscar Salazar built a botnet comprised of tens of thousands of machines without a SIEM or other security in place. They used only free trials and freemium accounts offered by application-hosting services, such as Amazon Web Services. Ragan and Salazar’s goal was to prove that their cloud-based botnet could mine Litecoin, a cryptocurrency similar to bitcoin. They generated about 25 cents a day per instance, or $1,750 per week, and were never discovered. Further, their hack cost them nothing but a little time to set it up.

With that increased networking power and bandwidth in hand, Ragan and Salazar posited the next step: cybercriminals could mount assaults using the freemium botnet. “Imagine a distributed denial-of-service attack where the incoming IP addresses are all from Google and Amazon,” says Ragan. “That becomes a challenge. You can’t blacklist that whole IP range.”

Detecting intrusions

There are security services that can detect anomalies, including when a botnet is tapping your network. A number of companies offer SIEM software to monitor network behavior and flag irregular activity. For smaller organizations with limited or no security staff, outsourcing SIEM can be an option. While not inexpensive, it can oversee your most important servers. As for blocking attacks coming from an entire IP range, there are services that can provide this protection.
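
The following is an added example, not part of the original article or of any vendor's product: a minimal version of the check that would flag a server sending a steady stream of data to unknown networks, as in the Rome bank case. The known-network baseline, the thresholds and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed baseline: networks this organisation's hosts normally send data to.
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Constructed flow records: (minute, source host, destination IP, bytes sent).
SAMPLE_FLOWS = (
    [(m, "10.1.1.20", "203.0.113.77", 12_000) for m in range(10)]    # steady stream, unknown network
    + [(m, "10.1.1.20", "198.51.100.8", 40_000) for m in range(10)]  # steady stream, known partner
    + [(3, "10.1.2.5", "192.0.2.10", 900_000)]                       # single one-off upload
)

def is_known(dst):
    """True when the destination falls inside a baseline network."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in KNOWN_NETWORKS)

def find_streams(flows, min_minutes=5, min_bytes=50_000):
    """Flag (src, dst) pairs where a host sent data to an unknown destination
    in at least min_minutes distinct minutes, totalling at least min_bytes."""
    minutes = defaultdict(set)
    total = defaultdict(int)
    for minute, src, dst, nbytes in flows:
        if is_known(dst):
            continue  # traffic to baseline networks is not of interest here
        minutes[(src, dst)].add(minute)
        total[(src, dst)] += nbytes
    alerts = [
        {"src": src, "dst": dst, "minutes": len(seen), "bytes": total[(src, dst)]}
        for (src, dst), seen in minutes.items()
        if len(seen) >= min_minutes and total[(src, dst)] >= min_bytes
    ]
    # Largest senders first so the most significant stream is triaged first.
    return sorted(alerts, key=lambda a: a["bytes"], reverse=True)

if __name__ == "__main__":
    for alert in find_streams(SAMPLE_FLOWS):
        print(alert)
```

Requiring persistence across several minutes is what separates a continuous stream from a one-off upload; lowering min_minutes to 1 also flags the single large transfer.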

Botnets continue to proliferate, and SIEM and infrastructure protection are an important part of a sound security strategy. Without monitoring technology in place, your network may surreptitiously be put to work mining bitcoin for someone else or, worse, launching a DDoS attack. Consider boosting your network security with a service that has both detection with low false positives and sophisticated machine learning capabilities.

Have you had a similar experience? Leave me a comment if you’d like to share your story.
