The Rise of Cryptocurrency Mining in Higher Education
The higher-education landscape has become a fertile field for growing crypto-mining revenue. College students are crypto-mining from their dorm rooms, while outside actors are targeting their online activities for web-based attacks.
Why Higher Education?
According to Vectra’s 2018 RSA Conference Edition of its Attacker Behavior Industry Report, higher education is a prime arena for crypto-mining activities. Students in universities are usually not protected by the institution’s open networks, making them vulnerable targets. Additionally, students often engage in crypto-mining themselves, taking advantage of the free electricity provided by their dormitories.
Chris Morales, head of security analytics at Vectra, explains, “Students are more likely to perform crypto-mining personally as they don’t pay for power, the primary cost of crypto-mining. Universities also have high-bandwidth capacity networks with a large volume of easy targets, especially as students are more likely to use untrusted sites hosting crypto-mining malware.”
The Data
The report analyzed traffic and metadata from over 4.5 million devices and workloads, revealing that 60% of cryptocurrency mining detections occurred in higher education. This was followed by entertainment and leisure (6%), financial services (3%), technology (3%), and healthcare (2%). The surge in mining activities correlates with the increasing prices of cryptocurrencies like Bitcoin, Monero, and Ethereum.
Colleges and universities not only lead in crypto-mining but also experience the highest volume of attacker behaviors. Higher education topped the list with 3,715 detections per 10,000 devices, followed by engineering with 2,918 detections per 10,000 devices.
Challenges and Responses
One of the primary challenges faced by higher education institutions is the prevalence of command-and-control (C&C) activity, which is four times above the industry average in this sector. These early threat indicators often precede other stages of an attack and are associated with opportunistic botnet behaviors.
When crypto-mining activities are detected, universities can only respond by notifying students and providing assistance in cleaning infected machines. However, the problem is likely to persist as students continue to find ways to engage in these activities.
Looking Ahead
Daniel Basile, executive director of the Security Operations Center at Texas A&M University, acknowledges the intelligence and resourcefulness of students in utilizing technology for cryptocurrency mining. He highlights the growing trend of websites using visitors’ PCs for mining activities, which can directly impact students, especially with the increase in online video streaming resources.
As the cryptocurrency mining trend continues to evolve, higher education institutions must remain vigilant in protecting their networks and educating students about the risks associated with these activities.