Nvidia’s Anti-Cryptomining GPU Chip May Not Discourage Attacks

nvidia etx 3060

The hotly anticipated GeForce RTX 3060, a ray-tracing-friendly, advanced gaming graphics chip, will also throttle Ethereum mining.

Nvidia, the chip company known for its gaming-friendly graphical processing units (GPUs), said that its hotly anticipated GeForce RTX 3060 chipset, launching Thursday, has an added bonus of thwarting crypto-mining. Experts applaud the effort, but are skeptical the move will take the bullseye off the backs of gamers and their computer rigs.

“With the launch of GeForce RTX 3060 on Feb. 25, we’re taking an important step,” the company said in a statement. “RTX 3060 software drivers are designed to detect specific attributes of the Ethereum cryptocurrency mining algorithm, and limit the hash rate, or cryptocurrency mining efficiency, by around 50 percent.”

The company said the RTX 3060 is still built to support “real-time ray-tracing, DLSS AI-accelerated image upscaling technology, Reflex super-fast response rendering for the best system latency” and other advanced, high-end graphics perks.

So it’s not that performance has been lowered — rather, the drivers will simply perform some blocking-and-tackling in the form of throttling Ethereum-specific use. Ethereum (or Ether) is a cryptocurrency and platform – and represents the second-largest cryptocurrency by market capitalization, after Bitcoin.

“Simply put, Nvidia will try to detect the code you’re running, and purposefully…take out what amounts to denial-of-service (DoS) actions against software it thinks is trying to do Ethereum calculations on the GPU,” Paul Ducklin, researcher at Sophos security, explained in a blog posting.

It’s a logical approach given that calculations used for mining Ethereum (the algorithm is known as “Ethash” or “Dagger-Hashimoto“) will have a unique signature that the drivers can easily identify, he added.

“Reports we’ve seen suggest that Nvidia’s anti-crypto drivers work by detecting memory usage that looks like an [Ethereum] computation, which needs to follow unusual but unavoidable memory access patterns, and cutting the speed of ETH hashing in half,” Ducklin said.

Gamers and Cryptominers Square Off

The better processing power of GPUs has made the high-end processors targets for crypto-mining entrepreneurs, which has negatively impacted past Nvidia’s chip rollouts.

“GPUs…are pretty good at performing cryptographic calculations, like computing hashes such as as SHA-2 and SHA-3 at high speed,” said Ducklin. “This sort of algorithm is used at the heart of many cryptocurrency mining calculations. You can therefore see why cryptocurrency fans might be very keen to get their hands on the latest special-purpose hardware that can speed up the calculations needed to earn crypto-coins.”

That means that there’s usually a run on the chips when they first launch, as crypto-enthusiasts try to muscle out the actual target audience, the gamers.

“Selling plenty of product may be a great outcome for GPU vendors, but the artificial price inflation caused by stock shortages is a less welcome look for any mainstream company,” Ducklin said. “The company’s true customers – the end users who were after the product in the first place – end up feeling outmaneuvered by and aggrieved at the company itself, not the buyers who flipped for quick money.”

It’s not an uncommon phenomenon, either. “One of the largest impacts cryptocurrency has had is that it’s been near impossible for consumers to get high-end graphics cards for gaming and non-cryptocurrency purposes,” John Bambenek, threat intelligence advisor at Netenrich, told Threatpost.

Will This Thwart Crypto-Jacking?

But that’s not the only issue. Nvidia-powered machines continue to be the target of crypto-jackers, i.e., those who look to implant malware to surreptitiously mine for cryptocurrency, stealing victims’ processing power and electricity.

“Enterprises and consumers are also plagued by crypto-jacking as lower-end attackers try to abuse compute resources of victims to mine cryptocurrency,” Bambenek said.

However, Ducklin pointed out that when faced with a choice of getting half the ill-gotten gains versus zero ill-gotten gains, the cybercrooks will still go for the former.

“Sadly, this isn’t likely to discourage crypto-jackers,” Ducklin said. “Even though these new Nvidia drivers will halve the earning rate of the cybercriminals, the crooks aren’t paying for the electricity (you are!), so any unlawfully mined crypto-coins are still essentially free money for them.”

The question then becomes, will the throttled GPUs mine currency quickly enough to give malware-pushers an adequate ROI – one that allows them to recoup their labor costs incurred by infecting machines in the first place. Nvidia GPUs do have exploitable security flaws that often make headlines, after all – potentially easy avenues to infection.

It’s also possible that coders will come up with a workaround to the throttling, perhaps via a malicious update.

“We’re also wondering just how long it will take for unofficial patches to appear for Nvidia’s drivers in order to bypass the ‘Dagger-detector’ slowdown code,” Ducklin said.

Why Ethereum?

A recent report from Digital Shadows pointed out that Bitcoin mining is now generally carried out with high-end, purpose-built gear, and so it’s a non-factor for most consumer-level crypto-jacking — giving wings to alternative crypto-coins.

“In the early days, it was possible to mine Bitcoin using the average computer CPU or a high-speed video processor card; however, today, mining for Bitcoin requires dedicated Bitcoin mining hardware to make it a profitable endeavor,” according to the report.

That said, it’s been a trend that a large chunk of crypto-jacking malware tends to mine for Monero [PDF] rather than any other currency, making it unclear how much Nvidia’s move will cut down on gamers being targeted.

Monero uses the CryptoNight hashing algorithm, which is designed to be used on everyday computing machines: “Monero is designed to be more resistant to the application-specific integrated circuit (ASIC) mining, typically used to mine other cryptocurrencies such as Bitcoin. As a result, Monero can only be mined on consumer-grade hardware.”

This, along with Monero’s relative untraceability, has pushed the cybercriminal underground to embrace it for crypto-jacking, across multiple platforms.

For instance, PGMiner is a Linux-based Monero-mining botnet that exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. And in February, researchers discovered a never-before-seen Monero-focused malware dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters.

And a cryptocurrency-mining malware called WatchDog has been running under the radar for more than two years – in what researchers in February called one of the largest and longest-lasting Monero crypto-jacking attacks to date.

Nvidia did not immediately return a request for comment on whether it will look to address Monero mining in the future.

Cornering the Cryptomining Market

Nvidia is also rolling out a chip that crypto-miners can call their very own.

“To address the specific needs of Ethereum mining, we’re announcing the NVIDIA Cryptocurrency Mining Processor product line for professional mining,” according to a company statement. “CMP products, which don’t do graphics, are…optimized for the best mining performance and efficiency. They don’t meet the specifications required of a GeForce GPU and thus don’t impact the availability of GeForce GPUs to gamers.”

Jack Mannino, CEO at nVisium, told Threatpost that even though the launch is aimed at above-board cryptomining endeavors, these kinds of chips are likely to be popular with cybercriminals too.

“The economics of hacking suggest that attackers will continue to gravitate towards digital currencies as they increase in value and become more prevalent in our daily lives,” he said. “While access to cryptocurrency was once reserved for early adopters, many banking and trading applications give consumers easy access. Ransomware that demands payments via cryptocurrency are a more viable attack path and will be something enterprises and consumers continue to wrestle with for many years to come.”

Is your small- to medium-sized business an easy mark for attackers? 

Threatpost WEBINAR:  Save your spot for 15 Cybersecurity Gaffes SMBs Make,” a  FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. Register NOW for this LIVE webinar on Wed., Feb. 24.

Suggested articles