Data Center Freeloading

Remember when your mother used to chastise you for performing some action that negatively impacted your home’s aesthetic with the phrase, “This is why we can’t have nice things”? Sure one mom’s vase is another’s right front fender, but the concept is the same. You, or one of your “hooligan” friends, had intruded on the sanctity of another’s possessions. As Tesla, and more than a few other companies have found out, it’s hard to have nice things, even when you’re a Fortune 500 company when unrestrained delinquents decide your data center is an excellent platform for their cryptocurrency mining efforts.

In the spirit of “this is the type of thing that happens to other people,” you might think that these unauthorized mining efforts are infrequent events. At first glance, I would tend to agree except that there’s a name for these odious exercises in free-loading behavior. The correct term is cryptojacking and, as we all know, when any activity has an official name it is a big deal.

The modus operandi for these excavators of digital means of exchange, that seem to have the same level of volatility as the Dutch Tulip Bulb market of 1637, is to illicitly infiltrate a large corporate or cloud data center and install their mining software. These types of attack are difficult to identify since the software operates in the background and the data remains unaffected.  While there are no direct red flags that a data center is now working in part to deliver ROI on the intruder’s investment, the costs to the impacted organization can be substantial. Higher usage levels can result in higher electric bills and degraded performance due to the mining application’s consumption of CRU resources and, in some instances, crashing one or more servers. According to security research firm Malwarebytes, organizations can incur “tens of thousands” dollars in costs before they realize that “we might have a problem here.”

While it may be understandable to discount the severity of cryptojacking since it seems somewhat esoteric as opposed to the efforts of serious hackers who seek out things like social security numbers, credit card data and nuclear missile launch codes, this appears to be a growth industry. Trend Micro reports that detections of unauthorized mining are ten times higher than last year, and cloud security firm RedLock estimates that 25% of companies have cryptojacking activity taking place in their data centers, which puts a rather significant dent in the ability to take solace in using the “Not in My Backyard” rationale.

Despite the wide fluctuations in the value of Bitcoin and other cryptocurrency permutations, the availability of software toolkits for prices as low as $30 seems to be making “why not” the default decision for the hacker looking to move from dilettante to hardcore professional. As a result of cryptojacking becoming more of a real vocation, the onus will be placed on IT to develop new; more granular security strategies since no data center operator wants to become the primary element in anyone’s investment portfolio.

The continued increase of hacking in general, and cryptojacking specifically, might give us cause to wonder if anything we do or develop is unexploitable. The answer, of course, is no, but although there will always be those who seek to capitalize on the efforts of others we should never stop our quest for nice things. But, as the folks at Tesla have found; we’ll have to work harder to keep them.