Why cryptocurrency mining malware is the new ransomware

The number of cryptojacking attacks is still growing - and criminals are likely to be looking at exploiting mobile devices as much as PCs in the near future.
Written by Danny Palmer, Senior Writer

If 2017 was the year of ransomware, then 2018 is the year of malicious cryptocurrency mining attacks as some cyber criminals turn away from encrypting files in the hopes of scoring a one-off payment in favour of infecting victim's machines with cryptojacking malware and playing a longer game.

The premise is relatively simple: attackers infect a PC, server, smartphone or even IoT-connected device with malware, and secretly use the processing power to mine for the cryptocurrency.

Outside of extreme scenarios when too much power is used and damage is done to the machine, users don't really think too much about why their computer is running a bit slower or that the fans are working slightly harder.

Cryptocurrency mining has become a highly lucrative endeavor for cyber criminals, and has boomed following the high-profile rise of bitcoin and other cryptocurrencies.

Monero, in particular has become a popular target for cryptojacking attacks because not only does the way it is built mean that any machine can mine for it -- as opposed to the specialist set-ups required to mine for bitcoin -- but it also comes with the additional bonus of anonymity, meaning it's difficult to track where the money ends up.

So perhaps it's no surpise that the number of cryptojacking attacks has continued to grow over the course of this year with figures in the new McAfee Labs Threats Report for June 2018 stating that samples of coin-miner malware are up 629 percent to 2.9 million known samples, compared to 400,000 samples in the final quarter of last year.

SEE: Cryptocurrency-mining malware: Why it is such a menace and where it's going next

The reason for the big jump is that cryptojacking is a simple but efficient attack -- with the added bonus of being far more subtle than ransomware, while also offering the potential for long-term illicit earning.

"Perpetrators are focused on one main goal: monetising their criminal activity quickly, with very little effort and using as few middlemen as possible. They want to execute their crimes in the shortest time possible and with the least risk of discovery," Christiaan Beek, lead scientist and senior principal engineer at McAfee told ZDNet.

"The rise in these attacks shows the extent to which cybercriminals are increasingly focused on making a quick profit and willing to target any vulnerability to do so. Bad actors are demonstrating a remarkable level of technical agility and innovation with many attack schemes being tweaked in creative and complex ways to remain profitable," he added.

It isn't only McAfee which has warned about the growing danger of cryptojacking attacks -- the rise of coin miners features prominently in Kaspersky Lab's latest Kaspersky Security Network report. It dubs malicious cryptocurrency mining a "game changer" for malware.

Of those using Kaspersky products on Windows systems, 205,000 users experienced cryptocurrency miners in 2013. By the end of 2017, 2.7 million users had experienced an attempted cryptojacking attack. That was a significant 1.5 times more than the number of attacks in the previous year -- and the threat is only going to keep growing.

"While ransomware has provided a potentially large but one-off income for its cybercriminals, miners will provide a lower, but longer lasting one," warns the Kaspersky report, adding, "Miners will keep spreading across the globe, attracting more people".

SEE: What is malware? Everything you need to know about viruses, trojans and malicious software

And the impact will only get worse once attackers find a means of efficiently attacking smartphone operating systems with miners.

"Once criminals find a technological solution that makes the profits from mining on mobile devices equivalent to those from mining on PCs, mobile mining will quickly become equal," said the report.

But despite the stealthy nature of cryptocurrency mining attacks, it is still a form of malware, which means if organisations take the correct approach to security, they can avoid falling victim to this power-draining menace.

"No matter their size, they must all do their due diligence. This means making sure that tools and systems can work together and removing siloed security teams," said Beek.


Editorial standards