Some are also repurposing existing exploits for cryptojacking campaigns. Better malware authors see better returns, but with millions of samples of mining malware recently recorded, it is clear that a wide range of cybercriminals are refining their ability to exploit this rising threat vector.Ĭryptominers also offer an efficient way for cybercriminals to profit off their other work, leading many malware authors to add mining features into their attacks as a form of secondary payload that generates passive income. As such, these attacks are really a game of scale, generating more substantial earnings as the malware infects more devices or websites. While cryptojacking payouts can be slow and small, they can offer a steady stream of income with relative ease as long as they go undetected, and as this strategy makes mining relatively resource-neutral, any earnings are essentially pure profit. Cybercriminals are investing work to develop very good malware because it could be more profitable than other malware, depending on how many devices they infect or how long it goes undetected.” “With cryptojacking, however, it’s more of a long-term investment. “If you invest in a company and they pay out, you can’t attack and charge them again-the company would say they have already paid and won’t again,” said Carles Lopez-Penalver, analyst at cybersecurity firm Flashpoint. But while ransomware generates large one-time payments, such attacks require more investment from attackers and limit the returns. Ransomware has seen an exponential rise as a top form of attack and made headlines with crippling incidents in recent years, and cybercriminals will not stop using this malware any time soon. The firm called the rise of malicious cryptominers a “game-changer” for malware, noting the lower but longer-lasting income will ensure its spread, continuing to attract more threat actors. “This suggests that cybercriminals are continuing to warm to the prospect of simply infecting users’ systems and collecting payments without having to rely on third parties to monetize their crimes,” the firm noted.Īlso in June, Kaspersky Lab reported that the number of users who have encountered mining malware increased by 44% in the past year. The concept is relatively simple: Rather than get victims to give them cryptocurrency, attackers use victims’ resources to generate coins for themselves, eliminating most of the fixed costs.Īccording to its June threat report, researchers from McAfee Labs saw a 629% increase in coin miner malware in the first quarter of 2018, jumping to more than 2.9 million total known samples from around 400,000 in Q4 2017. Cryptomining malware is abundantly available for purchase on the Dark Web and requires relatively little effort to spread, compared to more targeted and labor-intensive hacks, making it a relatively easy option for individuals of different skill levels to deploy. These attacks are simple but efficient, offering a means of monetizing infections or access to users’ systems. Hackers are deploying cryptomining malware across a broad range of targets including smartphones, PCs, servers and IoT devices and have found ways to incorporate mining code into websites, drawing resources from browsers in fileless attacks. And, as the funds go directly into the criminals’ digital wallets, profits are also far more anonymous. The concept is relatively simple: Rather than get victims to give them cryptocurrency, attackers use victims’ resources to generate coins for themselves, eliminating most of the fixed costs. Further, the way Monero is built means that any machine can mine for it, whereas mining bitcoin requires specialized hardware that most users do not have. The most frequent object of these attacks is the cryptocurrency Monero, which has become a preferred coin on the Dark Web because it offers more privacy than bitcoin. But, as with any profitable endeavor, greed can be the mother of invention, in this case, spurring a surge in the development of malware that leeches computing power for the attacker to channel into mining.Ĭryptojacking attacks siphon off victims’ CPU (computer processing unit, which carries out the machine’s work) and electricity to mine cryptocurrencies. With the average bitcoin transaction taking enough energy to power 34.8 American homes for a day (as of July) and the most successful mining operations now conducted on dedicated server farms, the money to be made in the cryptocurrency market does not come cheap. As prices have soared, so has interest and incentive to mine digital currency, a resource-intensive process that requires significant computing power-and, in turn, electricity-to complete complex mathematical problems and earn coins. With sky-high levels of both value and hype, the cryptocurrency market is booming. This post first appeared on Risk Management Magazine.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |