College Kids Turn to Crypto-Mining, Riddling Higher-Ed Networks

The higher-education landscape has become a fertile field for growing crypto-mining revenue. College students are crypto-mining from their dorm rooms, while outside actors are targeting their online activities for web-based attacks.

According to Vectra’s 2018 RSA Conference Edition of its Attacker Behavior Industry Report, higher education is a prime arena given that students are usually not protected by universities’ open networks. These same students also do their own crypto-mining, because they get free electricity.

“Students are more likely to perform crypto-mining personally as they don’t pay for power, the primary cost of crypto-mining,” said Chris Morales, head of security analytics at Vectra. “Universities also have high-bandwidth capacity networks with a large volume of easy targets, especially as students are more likely to use untrusted sites (like illegal movies, music and software) hosting crypto-mining malware.”

The report, which analyzed traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data-center and enterprise environments, found that 60% of cryptocurrency mining detections occurred in higher education, followed by entertainment and leisure (6%), financial services (3%), technology (3%) and healthcare (2%). Mining overall has surged with the rising price of cryptocurrencies like Bitcoin, Monero and Ethereum.

Colleges and universities aren’t just over-indexing in crypto-mining. The highest volume of attacker behaviors per industry were in higher education (3,715 detections per 10,000 devices) followed by engineering (2,918 detections per 10,000 devices).

This is primarily due to command-and-control (C&C) activity in higher education, according to the report, and internal reconnaissance activity in engineering. To the former point, C&C activity in higher education, with 2,205 detections per 10,000 devices, is four times above the industry average of 460 detections per 10,000 devices. These early threat indicators usually precede other stages of an attack and are often associated with opportunistic botnet behaviors, Vectra said.

Higher education can only respond to students when they detect crypto-mining with a notice the activity is occurring. They can provide assistance in cleaning machines, or in the case of the student being responsible, they can issue a cease-and-desist. As such, the problem is likely to persist.

“Students are exceedingly intelligent and very enterprising,” said Daniel Basile, executive director of the Security Operations Center (SOC) at ‎Texas A&M University. “This is a time that many of them are working with new technologies, and it is not surprising that they utilizing their machines for cryptocurrency mining. However, there is also a large increase in websites that will crypto-jack your PC while you are on their website. This new trend of mining Bitcoin for revenue instead of ads can directly affect students. With the increase in online video streaming resources, this creates a large amount of cryptocurrency mining.”