What Is Cryptocurrency Mining?

Process and Concept of Cryptocurrency Mining

The process of cryptocurrency mining involves the creation of blockchains. Related concepts are as follows:

1. Blockchain(s): A blockchain is a series of blocks arranged in time sequence. Digital transactions on the chain have timestamps. In this way, transactions are not repeatedly recorded.
2. Blocks: Each block stores detailed transaction data, including the payer and payee of the transaction, the transaction amount, and the encrypted hash.
3. Hashes: A hash function is a mathematical equation that converts data into a fixed-length string. The block hash is used to check whether the cryptocurrency transaction information has been tampered with.
4. Miners: The miner is a special node in a blockchain and is responsible for calculating a hash value to verify a block in the blockchain. The first miner to broadcasts to other miners that the hash calculation is complete will reap the cryptocurrency rewards.
5. Transactions: The transaction refers to a cryptocurrency transaction between two users. Each individual transaction forms a list with other transactions. The list is added to the unverified block for the miner's verification.
6. Consensus algorithm: Consensus algorithm is a protocol used in blockchains. Each node in a blockchain uses the consensus algorithm to verify data.

During the process of cryptocurrency mining, miners need to use high-performance computers to solve the encrypted hash equation, verify the cryptocurrency transaction information, and record the transaction information on the blockchain to obtain the cryptocurrency. The following example describes the process of cryptocurrency mining.

1. A bought a book from B using cryptocurrency. A new deal is created.
2. Miners verify the validity of this transaction and pack the valid transaction and recent transactions into a block.
3. Miners use the consensus algorithm to solve the encrypted hash equation and verify the new block.
4. The first miner that completes the verification of the new block adds the new block to the blockchain and broadcasts to other miners that the mining is complete, and then reaps the cryptocurrency reward.
5. The transaction information of A and B is recorded on the blockchain, indicating that the transaction is complete.

With the development of the cryptocurrency system, the difficulty of solving encrypted equations increases exponentially. Therefore, the computing power of a single computer is insufficient to support cryptocurrency miners' needs. As such, additional miners are added to a mining pool to work jointly with the existing miners. Miners reap cryptocurrency rewards based on the workload. A miner's device generally communicates with the mining pool through the stratum protocol.

Methods of Cryptojacking

As the cost of cryptocurrency mining grows, attackers are hijacking individual or enterprise device resources without permission to earn more cryptocurrencies at a lower cost. This malicious behavior is called cryptojacking. Attackers use the following methods to perform cryptojacking:

Cryptocurrency Mining Through Malicious Programs

Attackers usually use social engineering assaults/attacks to induce users to click and download cryptojacking programs. Once downloaded to the user device, the cryptojacking program automatically runs in the background, and hijacks the device's computing resources for cryptocurrency mining.

The most common method is phishing. When a user opens a phishing email attachment or clicks a malicious link in an email, the cryptojacking program is automatically downloaded to the user's device and may infect other devices on the network through horizontal penetration. The cryptojacking program is then deployed to mine cryptocurrencies.

Another method is through software bundle download. An attacker implants a cryptojacking program into a software package. When a user downloads and installs cracking software, activation tools, game cheating programs, or pirated games from unauthorized channels, the cryptojacking program is also installed on the computer and automatically runs in the background.

Cryptocurrency Mining Through a Browser

Attackers embed mining scripts into web page JavaScript or web page advertisements and hijack user devices through browsers for cryptocurrency mining. When a user browses a web page or an advertisement, the mining script automatically runs, occupying computing resources for cryptocurrency mining. Attackers usually embed scripts on web pages with high page views to expand the propagation scope of mining scripts.

Another method is to perform cryptocurrency mining through a browser plug-in. Attackers embed mining scripts into browser plug-ins, disguise them as normal browser plug-ins, and upload them to the plug-in store. After users download and install the software, attackers can use the browser for cryptocurrency mining.

Cryptocurrency Mining Through Cloud Services

Attackers steal the API key of the cloud service, obtain management permissions, write mining scripts, install cryptojacking programs in the cloud service environment, and hijack the computing resources of cloud services for cryptocurrency mining.

Attackers also exploit vulnerabilities to attack numerous cloud hosts and occupy the computing resources of compromised cloud hosts for cryptocurrency mining.

How to Determine Whether a Device Is Undergoing Cryptojacking

Cryptojacking programs are usually disguised as normal programs and run in the background, making them difficult to detect. You can use the following methods to check whether your device is undergoing cryptojacking:

1. Check whether your device's performance has deteriorated. Performance deterioration is the most obvious sign of cryptojacking. Cryptojacking programs slow down or even break down your device's system.
2. Check whether your device overheats. Cryptojacking programs occupy a myriad of computing resources, leading to the device overheating. Therefore, its hardware becomes damaged, and its service life is shortened.
3. Analyze whether CPU usage increases. Cryptojacking programs cause high CPU usage over long periods of time. You can use the activity monitor or task manager to monitor and analyze CPU usage.
4. Check whether your electricity bills have increased. If cryptojacking programs run in the background over long periods of time, overall power consumption increases, meaning a higher electricity bill.

How to Prevent Cryptojacking

The signs of cryptojacking are not as obvious as those of other threats. You can, however, take some defense measures to protect devices and networks from being attacked.

1. Train your organizations' IT team so that they can recognize the signs of cryptojacking, promptly detect cryptojacking programs, and take measures to clear them off from your devices.
2. Provide employees with comprehensive cyber security training, beware of phishing emails and malicious links, and prohibit the unauthorized installation of third-party software from unknown sources.
3. Install an anti-mining plug-in on browsers to prevent attackers from using the browser for cryptocurrency mining.
4. Install ad blocking software to detect and block web page ads embedded with mining scripts.
5. Disable browser JavaScript to prevent mining scripts from infecting devices when employees browse web pages.
6. Use dedicated security devices to detect and defend against cryptojacking programs.

How Huawei Responds to Cryptojacking

Faced with emerging cryptojacking events, Huawei provides reliable security solutions and products to detect threats on devices and networks, handle mining threats promptly, and protect your devices and networks from being attacked.

• HiSec Insight Security Situational Awareness System

  By collecting traffic and alarm information and performing association analysis, HiSec Insight can detect mining threat events on networks and provide details, handling suggestions, and threat analyses and forensic information about mining threat events, helping security O&M personnel check and promptly handle mining threats.

• Huawei Qiankun Security CloudService Solution

  Huawei Qiankun Security CloudService has endpoint protection and response service capabilities. It can protect all disk directories in real time to prevent cryptojacking software from intruding on devices through browser downloads and USB flash drive transfers. Huawei Security CloudService can also compare DNS request data reported by the Agent with the threat information mining pool database to detect malicious connections to the mining pool and detect threat events promptly. In addition, Huawei Security CloudService can scan, detect, remove and isolate cryptojacking software.

• HiSecEngine USG6000F Series AI Firewalls

  The antivirus function of the USG6000F series AI firewalls can detect mining viruses transmitted over networks and block or generate alarms when detecting software carrying mining viruses, protecting the enterprise intranet from being attacked. In addition, the IPS signature database configured on the firewall can detect the traffic of cryptojacking software connected to mining pools and promptly block the traffic.