A Canadian university shut down its entire network last week in response to a cryptomining attack, highlighting the potential disruption that can be caused by this relatively new strain of malware.
St Francis Xavier, which claims to offer the country’s “premier undergraduate experience,” explained in an update on Sunday that it was bringing systems back online in a staggered approach following the outage.
“On Thursday, IT Services, in consultation with security specialists, purposefully disabled all network systems in response to what we learned to be an automated attack on our systems known as ‘cryptocoin mining’,” the update continued.
“The malicious software attempted to utilize StFX’s collective computing power in order to create or discover bitcoin for monetary gain. At this time, there is no evidence that any personal information within our network was breached, however, ITS will continue to analyze and monitor for suspicious activity in the days and weeks ahead. ITS has also implemented heightened security measures in response to this event.”
All network passwords were also reset as part of the response to the attack.
Cryptocurrency mining is on the increase. McAfee noted that detections of coin mining malware rose 629% in the first quarter to more than 2.9 million samples, while Trend Micro claimed detections rose 956% between the first half of 2017 and the same period this year.
Don Duncan, director at NuData Security, explained that cryptomining is an increasingly lucrative way to make money without drawing attention to the attack in the way that ransomware does.
“They just infect users like this college network, and then siphon off power to mine cryptocurrencies. You would not necessarily notice it until all systems start to slow down.”
There is also the potential that this breach can be used for other purposes later on, especially if it downloaded another type of malware at the same time, he added.
“The university had no choice but to deprive these hijackers of further access by shutting down systems to understand the scope of the issue. In situations such as this, real-time visibility into the status of existing systems is critical as it helps to identify potential threats early, mitigating future damage.”