Crypto-mining malware: Uncovering a cryptocurrency farm in a warehouse

Crypto-mining malware in corporate networks

Crypto-mining malware has the ability to hamper and even crash an organization’s digital environment if left unchecked. Cyber AI has discovered and thwarted hundreds of attacks in which devices were infected with crypto-mining malware, including:

  • a server in charge of opening and closing a biometric door;
  • a spectrometer, a medical IoT device which uses wavelengths of light to analyze materials;
  • 12 servers hidden under the floorboards of an Italian bank.

In one instance last year, Darktrace detected anomalous crypto-mining activity on a corporate system. Upon investigation, the organization in question traced the anomalous activity to one of their warehouses, where they found what appeared to be unassuming cardboard boxes sitting on a shelf. Opening these boxes revealed a cryptocurrency farm in disguise, running off the company’s network power.

Had it remained undiscovered, the crypto-mining farm would have led to financial losses for the client and disruption to business operations. Mining rigs also generate a lot of heat and could easily have caused a fire in the warehouse.

This case demonstrates the covert methods opportunistic individuals may take to hijack corporate infrastructure with crypto-mining malware, as well as the need for a security tool which covers the entire digital estate and detects any new or unusual events. Darktrace’s machine learning flagged the connections being made from the warehouse boxes as highly anomalous, leading to this unexpected discovery.

In organizations with Antigena active, any anomalous crypto-mining devices would be blocked from communicating with the relevant external endpoints, effectively inhibiting mining activity. Antigena can also respond by enforcing the ‘pattern of life’ across the digital environment, preventing malicious behavior while allowing normal business activities to continue. As bad actors continue to proliferate and hackers devise new ways to deploy crypto-mining malware, Darktrace’s full visibility and Autonomous Response in every part of the digital environment is more important than ever.
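The ‘pattern of life’ idea above can be illustrated with a small detector. The following Python block is an added example, not Darktrace’s or Antigena’s code: it learns each device’s normal outbound (destination, port) pairs from a baseline window, then scores live connections that fall outside that baseline, adding weight when the payload carries a Stratum mining-pool handshake. The device addresses, endpoints and log entries are constructed for the example, and the list of Stratum method names is illustrative rather than exhaustive.

```python
"""Toy 'pattern of life' detector for crypto-mining traffic.

Added example, not Darktrace's code. A baseline of normal outbound
connections is learned per device; live connections are then scored
for deviation from that baseline and for Stratum (pool mining
protocol) handshakes in the payload.
"""
import json
from collections import defaultdict
from dataclasses import dataclass

# Illustrative Stratum / pool-login method names seen at session start.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "login"}


@dataclass
class Conn:
    src: str          # internal device address
    dst: str          # destination address
    dport: int        # destination port
    payload: str = "" # first application-layer message, if captured


def is_stratum(payload: str) -> bool:
    """True if the payload is a JSON-RPC message using a Stratum method."""
    try:
        msg = json.loads(payload)
    except (ValueError, TypeError):
        return False
    return isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS


def learn_baseline(conns):
    """Map each device to the set of (dst, dport) pairs it normally uses."""
    baseline = defaultdict(set)
    for c in conns:
        baseline[c.src].add((c.dst, c.dport))
    return baseline


def score(conn, baseline):
    """Return (score, reasons); 0 means the connection fits the baseline."""
    reasons, s = [], 0
    if conn.src not in baseline:
        reasons.append("device never seen before")
        s += 50
    elif (conn.dst, conn.dport) not in baseline[conn.src]:
        reasons.append("new endpoint for this device")
        s += 30
    if is_stratum(conn.payload):
        reasons.append("Stratum mining handshake in payload")
        s += 50
    return s, reasons


def detect(baseline_conns, live_conns, threshold=50):
    """Return findings for live connections scoring at or above threshold."""
    base = learn_baseline(baseline_conns)
    findings = []
    for c in live_conns:
        s, why = score(c, base)
        if s >= threshold:
            findings.append({"src": c.src, "dst": f"{c.dst}:{c.dport}",
                             "score": s, "reasons": why})
    return findings


# Constructed sample data: a warehouse subnet talking to internal services.
BASELINE = [
    Conn("10.1.20.11", "10.1.5.2", 443),   # barcode scanner -> internal ERP
    Conn("10.1.20.11", "10.1.5.3", 53),    # DNS
    Conn("10.1.20.12", "10.1.5.2", 443),
]
LIVE = [
    Conn("10.1.20.11", "10.1.5.2", 443),                       # normal
    Conn("10.1.20.11", "203.0.113.9", 3333,
         '{"id":1,"method":"mining.subscribe","params":[]}'),  # known device, pool
    Conn("10.1.20.77", "198.51.100.5", 4444,
         '{"id":1,"method":"login","params":{}}'),             # unknown device, pool
    Conn("10.1.20.12", "10.1.5.4", 445),                       # new internal share
]

if __name__ == "__main__":
    for finding in detect(BASELINE, LIVE):
        print(finding)
```

In the sample data the known scanner contacting a pool endpoint scores 80 and the never-seen device scores 100, while the device opening a new internal file share scores only 30 and stays below the threshold; tuning that threshold against real baselines is where the practical work lies.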