In news that will surprise precisely nobody, students have realized that they can abuse college resources for mining cryptocurrency. Following this, criminals realized that they can abuse students’ love of pornography and illegal movie streaming to do the same.
Well, Duh?
I said it wasn’t going to surprise anyone, but the figures, published in Vectra’s Attacker Behaviour Industry Report and summarized in this blog post, might.
According to the report, a staggering 60% of cryptocurrency mining detections occurred in the higher education sector. This was not so closely followed by healthcare (3%) and financial services (3%).
That is a truly astonishing proportion of detections accountable to just higher education. And as seen in this Reddit thread, many students don’t even perceive this misuse of university resources as questionable.
Bad Actors
We can’t attribute all of this figure to students taking advantage of free electricity and high bandwidth connections though. The report notes that higher education also accounts for the highest volume of attacker behaviors. The sector reports 3,715 detections per 10,000 devices, the majority of which is down to command and control (C&C) activity.
In fact, the C&C activity in universities and colleges is four times the industry average. Universities cannot enforce the same strict security controls that corporate entities employ. This leaves them wide open to attacks from malware and cryptojacking.
Add to this students’ propensity to visit potentially malicious sites, such as those offering illegal streaming, and the dangers become clear.
Cryptojacking
Cryptojacking utilizes the spare processing power of devices to mine for cryptocurrencies while they are browsing on certain websites. When Coinhive launched in September 2017, it opened the floodgates to a plethora of sites, utilizing the same technology.
This would be all very well, but many of these sites do not inform the user of their actions. Essentially, this amounts to hijacking the resources of unwary users of the site.
And the Outcome?
Whilst it may seem like an almost victimless crime, universities still have to pay for the electricity which they provide to students for free. This will manifest in higher course fees and/or taxes as higher education must be funded in one way or another.
Perhaps some of that funding should focus on educating students on how to avoid cyber attacks, as well as to not abuse the benefits they are provided with whilst studying?
What do you think about students taking advantage of free electricity to mine cryptocurrency? Let us know in the comments below.
Images courtesy of Pixabay.