Hackers, Students Do Cryptocoin Mining on University Networks

Hackers, as well as students, are reportedly running cryptocurrency mining operations on the academic networks of universities. A cyber security firm has been warning universities about such activities, which could turn out to be one of the key security risks that target the sector itself.

Cyber security firm Vectra points, based on its Attacker Behavior Industry Report, out that it’s not just hackers who target university systems to run cryptocurrency mining, it’s students too who do that in a bid to make some extra money, exploiting their inside access to the academic networks.

In a blog post titled ‘The alarming surge in cryptocurrency mining on college campuses‘, Christopher Morales, who is the Head of Security Analytics at Vectra® Networks, discusses this trend in detail.

Vectra had analyzed the top five industries exhibiting cryptocurrency-mining attack behaviors, namely Higher Education, Technology, Entertainment and Leisure, Financial Services and Healthcare over a period of six months. The Vectra blog says- “An analysis by Vectra of the top five industries exhibiting cryptocurrency-mining attack behaviors from August 2017 through January 2018 shows that higher education easily surpassed the remaining four combined.”

The analysis covered a total of 246 organisations and 4.5 million connected devices; a detailed press release from Vectra press states- “Vectra today announced that the higher education sector exhibited a startling increase in potentially damaging cryptocurrency mining behaviors as part of the company’s key findings in the new 2018 RSA Conference Edition of its Attacker Behavior Industry Report…The report reveals cyberattack detections and trends from a sample of 246 opt-in enterprise customers using the Vectra Cognito platform, across 14 different industries. From August 2017 through January 2018, Cognito monitored traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. By analyzing this metadata, the Vectra Cognito platform detected hidden attacker behaviors and identified business risks that enabled its customers to avoid catastrophic data breaches.”

The study report found that on an average, there were 165 infected devices and 1,403 malicious activities per 10,000 systems. In the higher education sector, there were 3,715 malicious events and 542 compromised devices while it was Engineering that came second, with 2,918 detections across 10,000 devices. This trend, as per Vectra, “…is primarily due to command-and-control (C&C) activity in higher education and internal reconnaissance activity in engineering.” The press release states- “C&C activity in higher education, with 2,205 detections per 10,000 devices, is four-times above the industry average of 460 detections per 10,000 devices. These early threat indicators usually precede other stages of an attack and are often associated with opportunistic botnet behaviors in higher education.”

As per the report, botnet activity is also high in higher education; Vectra had logged 151 detections, which is five times the industry average (33 detections).