Detecting unauthorized cryptocurrency mining
With the rising value and prominence of cryptocurrencies like Bitcoin, Ethereum, and Monero, many hackers have found it profitable to hijack devices to mine cryptocurrency. Although the impact of unauthorized cryptocurrency mining (or cryptojacking) is less dangerous than ransomware, it can still be fairly annoying for enterprises to deal with.
Cryptocurrency mining is a compute-intensive process that can slow down an employee's machine. Running CPUs under high load for prolonged periods shortens their lifespan, drains laptop batteries, and increases electricity costs. The aggregate effect of large-scale unauthorized cryptocurrency mining in an organization can be significant, as it can force business-critical assets to slow down or stop functioning effectively.
Plus, the presence of unauthorized cryptocurrency mining software indicates that insufficient security controls are in place. If it's possible for malware to enter an enterprise network and spread cryptocurrency mining software without being detected, then that same vector can be used to deliver many other, more serious threats.
Identifying unauthorized cryptocurrency mining with EventLog Analyzer
You can use the predefined rules of EventLog Analyzer's correlation module to identify and alert you about the following activity:
- The use of cryptocurrency wallet software like Electrum, Jaxx, and Exodus.
- Initialization of cryptocurrency mining software like CGMiner and BFGMiner.
- Extended periods of high CPU usage.
- Extended periods of high machine temperature.
These predefined rules can be customized to alert you about other events as well. EventLog Analyzer also generates reports and alerts for any related events, allowing you to quickly take measures to prevent unauthorized cryptocurrency mining in your organization and protect your resources.
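The signals listed above become far more useful when they are correlated per host, since sustained CPU load alone also describes a busy build server. The following Python code is an added example, not EventLog Analyzer's rule logic or code from the product; the event tuple format, the thresholds (90% CPU for 30 minutes, 15-minute maximum sample gap), the host names and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

MINERS = {"cgminer", "bfgminer"}            # mining software named on the page
WALLETS = {"electrum", "jaxx", "exodus"}    # wallet software named on the page
# Assumed thresholds: load level, minimum duration, and largest tolerated sample gap.
CPU_PCT, SUSTAINED, MAX_GAP = 90, timedelta(minutes=30), timedelta(minutes=15)

# Constructed sample events: (ISO time, host, kind, value)
EVENTS = [
    ("2024-05-01T09:00", "ws-014", "proc", r"C:\Users\a\AppData\Local\Temp\cgminer.exe"),
    ("2024-05-01T09:05", "ws-014", "cpu", 97),
    ("2024-05-01T09:15", "ws-014", "cpu", 98),
    ("2024-05-01T09:25", "ws-014", "cpu", 99),
    ("2024-05-01T09:35", "ws-014", "cpu", 98),
    ("2024-05-01T09:10", "ws-020", "proc", "/usr/bin/electrum"),
    ("2024-05-01T09:00", "bld-01", "cpu", 95),   # build server: busy, no miner
    ("2024-05-01T09:10", "bld-01", "cpu", 96),
    ("2024-05-01T09:20", "bld-01", "cpu", 40),   # load drops, so the run resets
    ("2024-05-01T09:30", "bld-01", "cpu", 95),
]

def image_name(path):
    """Lower-cased file name without directory or .exe suffix."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def detect(events):
    """Return {host: set of findings} from process-start and CPU-sample events."""
    findings, run_start, last_seen = {}, {}, {}
    for ts, host, kind, value in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        hits = findings.setdefault(host, set())
        if kind == "proc":
            name = image_name(value)
            for label, names in (("miner_process", MINERS), ("wallet_process", WALLETS)):
                if name in names:
                    hits.add(label)
        elif kind == "cpu":
            if value < CPU_PCT or t - last_seen.get(host, t) > MAX_GAP:
                run_start.pop(host, None)   # run broken by low load or missing samples
            if value >= CPU_PCT and t - run_start.setdefault(host, t) >= SUSTAINED:
                hits.add("sustained_cpu")
            last_seen[host] = t
    # Correlation: a miner process plus sustained load is the high-confidence case.
    for hits in findings.values():
        if {"miner_process", "sustained_cpu"} <= hits:
            hits.add("HIGH:cryptomining")
    return {host: hits for host, hits in findings.items() if hits}
```

Matching on the image name alone misses renamed binaries, which is why the sustained-load signal is tracked independently and only escalated when both appear on the same host.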