News story

Cryptocurrency Mining: Does the reward outweigh the cost?

Learning NewsQA

QA Cyber Security Trainer, James Aguilan, looks at the practice of mining cryptocurrency.

Before, hackers would try to gain access to systems with the aim of levering profit through tricking users into clicking a malicious links or MITM. Since the rise of cryptocurrency, there has been a new mark in the world of cybercrime. Hackers are predominately less keen on our money – and more into our computer power instead. As a result, the chips that power our devices are being silently hijacked for mining cryptocurrency.

Hackers can use computer power to complete the complex mathematical puzzles that validate a block of cryptocurrency transactions. If a hacker manages to solve those tricky sums, they're rewarded. However, this is no easy task. Nonetheless, enthusiastic miners have found themselves investing huge sums in computer hardware in the hopes of winning these rewards, but as cryptocurrencies gain more power, more power is required to mine them.

One of the ways in which nasty mining tools end up on our device comes from the same method a malware would – clicking on a malicious link or opening file from emails. Zero-day attacks and new threats are appearing more constantly, as in recent news many android users were infected with a tool that mines a cryptocurrency called Monero (XMR). The result of such scheme has infected more than 500,000 window users and generated $3.6 million. More recently, malicious mining software has introduced its way onto mobile devices via text messages, rogue links on FB messenger and even via maliciously embedded google ads. As mentioned earlier, hackers are 'silently' hijacking power making victims unaware of what is going on with their infected slow running device.

Despite the potential rise of cybercrime, the rise of cryptocurrency has also caused a flash of positive global effect. As of recently, UNICEF have appealed to gamers with powerful Graphical User Interface (GPU) to mine Ethereum to help raise money for children in Syria. In addition, the GPU are now selling to gaming and mining customers which facilitates the mining of a certain cryptocurrency. Beyond the world of graphics card, demand has soared for dedicated mining rigs, such as AntMiner S9.

Miners require an enormous amount of electricity. The main expense for miners is the power and this helps to explain why hackers are now trying to get that power for free by stealing it. Anyone thinking 'if you can't beat them, join them' should maybe think again. Cryptomining is outweighing to be impractical and the volatility of the market means that the amount spent on mining coins might be better spent buying the coins from an exchange service.

About James Aguilan
Cyber Security Trainer

James has worked on many high complexity eDiscovery Projects and Forensic Investigations involving civil litigation, arbitration and criminal investigations for large corporation and international law firms across UK, US, Europe and Asia. James has assisted on many notable projects involving: one of the largest acquisition and merger case of all time – a deal worth $85 billion, multijurisdictional money laundering matter for Government bodies, and national cyber threat crisis including the more recent ransomware, phishing campaigns, and network intrusion. James has comprehensive knowledge of the eDiscovery lifecycle and forensic investigation procedures in both practise and theory with deep focus and interest in Forensic Preservation and Collection and Incident Response. In addition. He holds a first class bachelor’s degree in Computer Forensics and is accredited as an ACE FTK certified examiner.

Cyber Security training from QA

QA have uniquely positioned themselves to help solve the Cyber skills gap, from our Cyber Apprenticeship programmes and Cyber Academies to Cyber Challenges, Training and Certifications, Consultancy for Cyber Security and Cyber Security Masters degrees.

They offer end-to-end Cyber training and certifications from Cyber Awareness to deep dive Cyber Programmes and solutions; from Cyber Investigations, Cyber Crisis Management, Proactive Security to Offensive Defence. QA only employ world-leading Cyber trainers who have the expertise to deliver bespoke Cyber solutions, GCHQ accredited courses and proudly the CyberFirst programme. This is all to support tackling the UK's National Cyber Security skills shortage.

QA also have state-of-the-art Cyber Labs, where companies can simulate real-life Cyber-attacks on their infrastructure, helping them to prevent & combat breaches without risking their own network.