As cryptocurrencies continue to increase in popularity and adoption, investors and users are experiencing an increase in malicious coin miners that utilize the semi-anonymity offered by cryptocurrencies for financial gain.
ITWeb Security Summit
This is according to Helge Husemann, product manager for Malwarebytes who spoke at ITWeb’s Security Summit 2018.
Husemann hypothesized that because the mining process can turn profits using regular computers paired with cross-platform compatibility, ‘the opportunity for threat actors and new attack vectors are steadily rising.’
“Hundreds of thousands of compromised machines are now working to mine for the latest and hottest digital currency in the market,” said Husemann. “Criminals that have compromised various IoT [Internet of Things] devices and assets to assist in illegal cryptocurrency mining have earned attackers an estimated $100 million to date. Mining tools illegally installed on business systems have caused applications and hardware to crash, causing operational disruptions lasting days and sometimes even weeks.”
With the boom in value of cryptocurrencies last year, ransomware variants like Wannacry, Notpetya, and Badrabbit caused the most damage, said Husemann. But he also asserted that crypto-jacking — the unauthorized use of someone else’s computing power to mine cryptocurrency — is increasingly being used in 2018.
Crypto-Jacking on Rise
The fluctuations of Bitcoin’s value, a problem for the business model of ransomware that relies on quick and repeated attacks characterized by small payments, as well as the development of new attack techniques able to provide a better payout ratio, have rapidly pushed crypto-jacking to the top of the info-security issues.
Husemann said last year YouTube experienced a threefold increase in illegal coin-mining via malware-embedded ads. He noted that Showtime, Browsealoud, as well as U.K. government websites, and more, fell victim to illegal mining activities — some of which went undetected for several months, netting the hackers behind the attacks hefty profits.
He said that on average, Malwarebytes has been blocking eight million malicious mining attempts per day — equating to an astonishing 248 million per month.
“The illicit gains from illegal crypto-mining contribute to financing the criminal ecosystem, costing billions of dollars in losses and disruption of business services from compromised assets.”
The cryptocurrency Monero — the 12th largest by market cap — is particularly suitable for crypto-jacking campaigns. According to Husemann, what makes Monero different from other cryptocurrencies is that it is cross-platform compatible, which means it doesn’t require the development of specific hardware that other coins like Bitcoin do.
Because of these features, what Husemann calls the ‘attack surface’ has dramatically increased — permitting attacks to go on across many IoT-connected devices at the same time:
“This January, our telemetry indicated that several million handheld devices were being redirected to specifically designed websites to perform nefarious Monero mining. [Moving forward] we can expect more IoT devices being compromised for the purpose of blockchain mining.”