Report: Stealth Crypto Mining Much More Prevalent In Higher Ed Than Other Industries
Both intentional cryptocurrency mining and cryptojacking is becoming more prevalent on college campuses than in any other industry, according to a blog post published March 29 by cyber attack monitoring firm Vectra.
Vectra analyzed five industries where crypto mining – which the blog post defines as “an opportunistic attack behavior that uses botnets to create a large pool of computing power”, incorrectly combining crypto mining and cryptojacking into one use case – has occurred from August 2017 to January 2018, finding that “higher education” sees more mining than the other four industries combined.
Universities are not able to monitor their networks as strictly as corporations, “at best advis[ing] students on how to protect themselves and the university by installing operating system patches and creating awareness of phishing emails, suspicious websites and web ads,” leaving college campuses more open to cryptojacking schemes. The blog post notes that given the “free source of power” provided by universities to their students (meaning free of charge to students, not free of charge in essence), “[l]arge student-populations are ideal pastures for cryptojackers.”
Students, rather than malicious cryptojackers, taking advantage of this “free power” are “simply being opportunistic as the value of cryptocurrencies surged over the past year,” Vectra’s blog post writes.
Joey Dilliha, a student at Western Kentucky University, told financial news site MarketWatch that he mines crypto with a Bitmain Antminer in his room with his school’s “free electricity”:
“I believe more people should be doing it. It’s a super fun, and cool cheap way to be introduced to the market of mining.”
Dilliha adds that because the mining rig is actually a banned item in his dorm – due to it being a fire hazard – he has to “turn it off and put a blanket over it” during “dorm room check days,” adding that his “RA loves to come in and talk about it with me.”
In January of this year, Stanford University had posted a warning against crypto mining on campus, as school resources “must not be used for personal financial gain,” as well as citing the school’s chief information security officer:
“Cryptocurrency mining is most lucrative when computing costs are minimized, which unfortunately has led to compromised systems, misused university computing equipment, and personally owned mining devices using campus power.”
Vectra also notes the problems with cryptocurrency mining and crypto jacking as “creat[ing noise that can may [sic] hide serious security issues; [...] impact[ing] the reputation of an organization’s IP address [...] ; [allowing] cybercriminals [to] buy access to compromised computers to launch targeted attacks against universities.”
Vectra’s blog post, which has already several times confused crypto mining and cryptojacking, then goes into detail about the mechanics of cryptojacking, mentioning Coinhive and the CryptoNight algorithm-based Monero as common ways for cryptojacking to take place.
Cointelegraph recently reported on the ethics of cryptojacking, citing both cases where permission was asked before taking over a computer’s processing power to mine (like Salon.com) as well as malicious or unknown use cases (like Showtime and Telecom Egypt).
In conclusion to their blog post, Vectra writes that
“Cryptojacking and cryptocurrency mining are profitable, opportunistic endeavors that will likely increase as they replace ransomware and adware as the de facto method for individuals looking to make a fast buck.”