Detecting and Responding to Cryptojacking with Artificial Intelligence

As cryptocurrency becomes increasingly popular amongst cyber-criminals, more people are falling victim to cryptojacking – the harnessing of computer power to mine cryptocurrency. 

Recently, large, well-known companies such as Tesla and YouTube have fallen victim to cryptocurrency mining malware. Sectors such as education and healthcare are particularly prone, with 85% of cryptocurrency mining occurring in higher education, as demonstrated by our latest Attacker Behaviour Industry Report.

Many companies are currently struggling in the fight against cryptojacking, trying to manually identify malware’s predictable behavior patterns. If organizations were able to immediately spot these tell-tale behaviors, they would be able to isolate and eradicate the malware. However, doing this manually is slow and unreliable.

This is where AI and automation come in. By channeling the power of these technologies, threat detection and response systems can rapidly find entities whose behaviors denote a sinister purpose across the entire enterprise network.

Cryptojacking damages and dangers 
Despite cryptocurrency mining mostly being associated with decreasing the performance of devices, increasing electricity costs, and even damaging the hardware through increasing thermal loads, the most worrying aspect of it is that those utilizing a device to mine cryptocurrency may be able to gain access to systems and other devices through existing backdoors or vulnerabilities.

This moves cryptojacking from being seen as a low-grade security hygiene issue that slows down computers and increases electricity bills towards something that threatens an entire security posture.

This gives hackers the ability to steal corporate or personal data, infiltrate networks to install botnets and ransomware, or even re-sell access and control of the network to cyber-criminals operating on the dark web. 

To make significant money from mining cryptocurrency requires a lot of computing cycles. To get these cycles, it is likely that the person driving the mining process may go to a bot herder who controls thousands of infected computers through one botnet. Botnets, and their activities, likely pose multiple and diverse security threats to organizations.

DDoS attacks can also create ‘camouflaging’ noise that may hide or distract from more serious targeted attacks. Furthermore, in some instances, cryptojackers will sell access to compromised computers to cyber-criminals who will then be able to launch targeted attacks against the organization, or surreptitiously press-gang the computers into attacking third parties.

On the surface, cryptocurrency mining itself is not a big worry for enterprises, but the fact that hackers are able to so easily access corporate networks and hijack devices demonstrates that an enterprise is not in control of its own security. It is this lack of control which presents a far greater risk, so fighting back against cryptocurrency miners is essential.

An increase in cryptocurrency mining
By utilizing artificial intelligence over the last six months or so, we have detected an increase in cryptocurrency mining on enterprise devices. A big advantage of using artificial intelligence to detect intruders in a network is its ability to provide immediate alerts without relying on prior knowledge and signatures of the specifics of the attack.

When it comes to cryptojacking, these alerts present a variety of hidden hacks whose sole purpose is to seize control of user machines in order to mine cryptocurrency. Utilizing artificial intelligence to detect cryptomining behavior also often uncovers additional, more serious security threats within a network.

Incorporating a platform which leverages artificial intelligence into an existing cybersecurity posture enables enterprises to detect and rapidly respond to cyber-attacks, providing them with attack visibility and threat details in order to empower immediate action against attackers. 

Identifying attacker behavior 
When it comes to monitoring behaviors within the network, artificial intelligence can detect attacker behavior in real-time, instantly determining whether it is malicious. By harnessing the power of both AI and automation, the latest threat detection and response systems can identify entities inside the network which threaten the network.

In addition to this, there is also a new breed of AI and machine learning-powered threat detection and response systems which, when deployed inside the enterprise, act as multiple instant “tripwires” that create an alert when there is an unwelcome visitor on the network. The system does this by identifying the specific malicious behaviors that malware is unable to hide.

The majority of the time users are oblivious to the fact that their machine is being used for cryptocurrency mining and therefore have no reason to suspect, or expect, malicious activity.

Unfortunately, many security analysts are similarly blinded. By incorporating AI into their existing cybersecurity strategy, companies can detect cryptojackers on their systems, and act quickly to prevent them continuing to harness their processing power and posing a risk to their security.
