Bitcoin in the Workplace - An Intro to Crypto Currency

The rise in popularity of Bitcoin and other cryptocurrencies is presenting new challenges for small and medium businesses, including security threats that can compromise company data, significantly diminish PC and network performance and adversely affect employee productivity.

The biggest obstacle to these new threats is awareness. Most business owners, while aware of Bitcoin's existence, aren't aware of how cryptocurrency is used, mined and acquired. Once found only in the realm of sophisticated programmers and computer geeks, Bitcoin and other cryptocurrencies have now caught the attention of average users, and most deadly of all, hackers looking to profit from the vulnerabilities and resources of business owners.

In this cryptocurrency primer, we'll cover the basics of cryptocurrency and what you should watch out for in order to keep your systems safe and your employees productive.

What is Cryptocurrency?

Cryptocurrency is the general term for any encrypted, decentralized digital currency. The most popularized cryptocurrency is Bitcoin, developed in 2009 by Satoshi Nakamoto and released as open-source code.

Cryptocurrencies, like Bitcoin, are exchanged in a peer to peer network, from one party to another. Each transaction is recorded in a digital record known as a "blockchain". Individuals store their cryptocurrency in a digital wallet that can only be accessed using a complex key of letters and numbers.

Developed in response to the fear sparked by the financial crisis in 2008, cryptocurrency does not rely on a bank, government or central authority. Instead, each transaction occurs between one person, directly to another person or entity, without interference from fledgling financial markets.

Each transaction of Bitcoin or other cryptocurrency is posted to a blockchain and verified by all the other computers connected to the network. This prevents the same unit of cryptocurrency from being used more than once. Transactions are completely anonymous and do not contain personally identifiable information (PII).

The most popular cryptocurrencies include Bitcoin, Litecoin, Ethereum and Ripple, though there are over 700 cryptocurrencies in circulation across the internet currently.

How Cryptocurrency Can Compromise Your Business

The process of earning Bitcoin or other cryptocurrencies is largely done through a process called mining. Mining uses cryptographic algorithms on a network of computers across the internet to register transactions on the blockchain.

Computers and servers with mining software installed can earn units of cryptocurrency in exchange for supplying the resources to carry out mining activities.

The process of mining cryptocurrency is computationally intensive and requires significant resources, usually in the form of dedicated processors, graphics cards and other hardware.

Because of the costs involved to purchase and run the hardware for mining, cryptocurrency miners often look for other ways to mine cryptocurrency, beyond the resources they have available. In some cases this means "borrowing" hardware from other users.

Installing Cryptocurrency Mining Software on Work Machines

Businesses should be on the lookout for Bitcoin miners or other cryptocurrency mining software installed on employee PCs. These applications utilize your company's electricity, internet connection and processing power in order to earn cryptocurrency for the employees who install it. Because these programs utilize so many system resources, they may compromise employee productivity and cause computer hardware to wear out prematurely.

Due to the increased processing power requirements, some employees choose to run the software during overnight hours and monitor the software from their home computer, like Vladimir Ilyayev, a computer systems manager for the New York City Department of Education, who was caught mining Bitcoin on his company PC in 2014.  But running the software at night is still unacceptable, since an employee is still taking advantage of company resources for personal gain.

Business owners should educate their employees about the dangers of installing cryptocurrency miners on their machines and institute concrete policies regarding the consequences for doing so. Employees need to understand that you will treat cryptocurrency mining in the same way you would handle theft of materials or the doctoring of a company timesheet.

To prevent mining software installation by your employees, add safeguards to your systems to prevent software installation and run regular scans for spikes in computer activity.

Mining Malware

In addition to ensuring that your employees are not installing mining software on their company computers, companies also need to be aware of the growing threat of mining malware that can be installed and run without a user's knowledge or consent.

In the latter part of 2017, Kaspersky Lab detected several large botnets that were designed to profit from concealed cryptocurrency mining on host computers. These botnets use a variety of tactics to install mining software on victim computers from convincing unsuspecting users to click on links to exploiting software vulnerabilities on PCs within a network.

But this pervasive malware isn't limited to individual PCs. Kaspersky Lab has also observed a growing number of attempts to install mining malware on servers owned by organizations. When infiltration is successful on a company network, the data processing speed of the network can fall substantially, resulting in errors, denial of service, and lost productivity.

Number of users Kaspersky Lab protected from malicious cryptocurrency miners from 2011 to 2017

Proper network monitoring and the use of anti-malware programs is important to keep cryptocurrency mining software off of your network.

Cryptojacking

Unfortunately, malicious mining software doesn't need to be installed on a host computer to rack up profits for strangers all over the world. A new wave of malware, known as cryptojacking has exploded in popularity in recent months.

Cryptojacking involves injecting Javascript into compromised web pages that begin working instantly when a user loads the compromised page into their browser. Most users are completely unaware that the software is even running.

According to Wired, "The idea for cryptojacking coalesced in mid-September [2017], when a company called Coinhive debuted a script that could start mining the cryptocurrency, Monero, when a webpage loaded. The Pirate Bay torrenting site quickly incorporated it to raise funds, and within weeks Coinhive copycats started cropping up. Hackers have even found ways to inject the scripts into websites like Politifact.com and Showtime, unbeknownst to the proprietors, mining money for themselves off of another site's traffic."

Fortunately, there are ways to protect against cryptojacking, according to Wired. "You can add sites you're worried about, or ones that you know practice in-browser mining, to your browser's ad blocking tool. There's also a Chrome extension called No Coin, created by developer Rafael Keramidas that blocks Coinhive mining and is adding protection against other miners, too."

With the rise of Bitcoin and other cryptocurrency mining, it's more important than ever to make sure your network is protected for maximum performance. Preventing employees from installing Bitcoin miners, educating your employees about the dangers of cryptocurrency mining software and developing iron-clad network security procedures will go a long way to keeping cryptocurrency mining software off of your systems.

If you have questions about cryptocurrency mining software or are concerned about the vulnerability of your network or company PCs, FrogWorks is always here to help. We've been helping business owners secure their networks since 2002!