Illegal mining equipment commonplace at universities and small businesses

A new report from CISCO found that malicious cryptocurrency mining traffic grew 19-fold in the last nine months of 2018, with much of the activity concentrated on college campuses and in areas with dense concentrations of small businesses.

While cryptocurrency mining is mainly carried out on an industrial scale by large organizations, small-scale clandestine mining operations are increasingly common. This was revealed in a report by Umbrella, a CISCO-owned securities platform that analyzes billions of DNS requests every day to prevent users from connecting to malicious websites.
Mining Cryptocurrency on Campus
The advent of specialized equipment, primarily in the form of ASIC miners, means that the only ones who can afford to mine most cryptocurrencies profitably are large organizations with access to cheap electricity. Driven by economies of scale, these companies can afford to invest in specialized hardware and pay for the large amounts of electricity required to keep it running.
Without cheap electricity, mining is unprofitable for most people — only those with subsidized electricity can compete — such as Chinese mining companies that rely on abundant hydroelectric power, or university students who rely on university networks. At 22%, university students are the second largest group of abandoned miners identified by CISCO.
Most of the top US universities, such as Stanford, MIT, and Berkeley, now have their own cryptography research departments. Globally, 42% of the top 50 universities offer cryptography research courses.
But Cisco speculates that much of the mining on college campuses comes not from research labs or classrooms, but from dorm rooms: "You leave [mining equipment] running in your dorm room for four years, and then when you graduate it's very different," Cisco threat researcher Austin McBride said during an RSA presentation. "The difficulty of mining a lot of cryptocurrencies right now is very high, which means the cost of electricity and internet is higher than the profit you can make from mining those cryptocurrencies," he added. "If you don't have to pay those costs, then you can make money using university resources."
This time last year, a study published by AI securities firm Vectra came to similar conclusions, finding between one and four mining events per day across 11 college campuses surveyed.
Yet Vectra gave the students the benefit of the doubt, suggesting they may not have been intentionally stealing free electricity, but were instead unknowingly hosting malware that was stealing their computers' resources: "Students can watch pirated movies from an untrustworthy website, while crypto mining is taking place throughout their viewing experience," said Christopher Morales, head of analytics at Vectra Securities. "This type of hacking can only be detected if it is carried out on a large scale."
Universities themselves have long been aware of the problem. In January 2018, Stanford issued a warning against cryptocurrency mining on campus, saying that the surge in Bitcoin prices had led to "misuse of university computing equipment" and "individuals owning mining rigs that use school power."
Industry hit hard by clandestine mining
Aside from universities, the energy and utilities sector was the hardest hit by unsolicited crypto mining. Companies in this sector accounted for 34% of those that did not require mining. The report found that the most vulnerable to this threat were companies with fewer than 10,000 employees that relied on outdated IT infrastructure.
Unlike on college campuses, however, this uninvited crypto mining is done remotely, using malware to exploit corporate networks with high-speed internet — a process also known as cryptojacking that made headlines last year after several high-profile institutions, including the Indian and Australian governments, were attacked.
Fortunately, once crypto mining activity is discovered, it is easy to stop. As McBride told BNC, “A lot of illegal crypto mining can be blocked by adding popular crypto mining pools to your domain block list.”
Additionally, coinHive, a browser-based cryptocurrency mining tool known for being abused by cryptojackers, recently ceased operations, citing the recent Monero fork and the ongoing bear market as making it unfeasible to continue operating.