Stealing Cycles, Mining Coin: An introduction to Malicious Cryptomining

In today's world crimeware is a multi-billion dollar industry that's currently being primarily run through extortion in the electronic age, ransomware. However, times are changing and the business models are changing along with it. The rise of ransomware has paralleled a rise in the value of cryptocurrencies, the two are not necessarily connected, but the impact has been.

From an adversary's perspective there are two primary ways of getting these currencies: ransom payouts or mining. Crypto-mining has been around as long as cryptocurrency and it's always been a trade off. Can you earn enough currency to offset the electricity and hardware costs?  Well imagine if you didn't have to worry about either of them.

This talk will provide a deep dive into pool mining, and how it is being leveraged by attackers. We will also outline the ways that we've seen adversaries deliver crypto mining programs to end users, the amount of mining capabilities they possess, and some of the financial impacts of their activities. Specific examples of miner distribution campaigns will be provided to give real-world scenarios where attackers are amassing computing resources.

Edmund Brumaghin

Edmund Brumaghin is a threat researcher with Cisco Talos. He has spent the past several years protecting environments across a number of different industries including nuclear energy, financial services, etc. He currently spends his days hunting malware and analyzing various threats as they emerge and continue to evolve. In his time with Talos he has researched ransomware, banking trojans and other threats being distributed using various attack vectors. He has also worked to expose large scale malware campaigns and raise awareness of security threats observed across the threat landscape.