Last year, ransomware was all the rage – WannaCry and NotPetya grabbed headlines, performing devastating attacks and leaving destruction in their wake. This year, however, it’s cryptocurrency mining malware that took central stage and its popularity continues to increase, well into 2018. More specifically, its’ numbers have grown by 459%, according to the report from the Cyber Threat Alliance (CTA) that relies on statistics gathered from several of its member companies. It’s called “The Illicit Cryptocurrency Cyber Threat” and warns that current state of things shouldn’t be treated lightly, as it’s here to stay and isn’t just something that had occurred by accident.
This is due to the fact that cryptocurrency, despite some reports that projected it devaluing soon, isn’t doing so and remains expensive, thus making it a hot commodity and a value to cybercriminals. They aren’t going to pass an opportunity to make extra money and aren’t shy of abusing as many computers as possible to achieve their goals. A lot of them are vulnerable to attacks, so con artists have their work cut out for them, infiltrating the devices and turning them into hosts for their various creations.
There’s a flip side to that coin as well – should cryptocurrency considerably go down in price, it will lose its lore for those who develops threats and they will switch to something else. According to “The Illicit Cryptocurrency Cyber Threat”, cybercriminals will then return to using ransomware and stealing personal data. It also says that there could be attacks on “non-currency-related blockchain technologies” in development that firms may use to “track transactions, share information, maintain records or uphold smart contracts”.
For example, there’s a danger of smaller blockchain networks being subjected to so-called “51 percent attacks” when con artists overtake a majority of the blockchain’s hashing power. This then lets them stop transactions and even go so far as alter records. Per “The Illicit Cryptocurrency Cyber Threat”, “a successful attack of this kind on a blockchain could have devastating consequences, depending on what the enterprise blockchain is being used for”. And potential dangers don’t end here, as the report also says that rogue nation-states are going to increase their activity in cryptomining.
Doing so will allow them to raise funds, bypass sanctions and will assist them in waging cyberwarfare. There’re already signs pointing to North Korean cybercriminals employing ransomware, robbing banks via the Internet and breaking inside digital wallets. Because of that, CTA concludes that there’s “little reason to believe that they would not conduct illicit cryptocurrency mining as another way to raise funds”. They also add that other nation-states, including Iran, are very likely to follow suit to try and get the maximum out of the possibilities provided.
Speaking of numbers, the aforementioned member companies’ reports support the one done by CTA. Fortinet, for example, said last June that the number of its customer firms that were affected by miners increased from 13% in Q4 2017 to 28% in Q1 2018. A June McAfee report speaks about more than 2.9 million samples of cryptocurrency mining malware in Q1 2018, which is a 629% rise from the nearly 400,000 samples that were found during the previous quarter. And Charles McFarland, senior research scientist at McAfee, said in a blog post that the research report “represents the first joint industry initiative to educate enterprises and consumers about the growing threat of cryptocurrency mining. By improving security postures and adhering to proper security practices, we can increase the difficulty of these attacks succeeding, thus disrupting malicious behavior.”
“The Illicit Cryptocurrency Cyber Threat” also mentions Smominru, which is a threat that’s used to mine Monero. It’s often given a look of legitimate applications and this allows it to breach the systems without being detected by security software. This same scheme is employed by other malware of that kind. As of July 2018, 85% of all the illegal cryptocurrency mining has been dedicated to Monero, which isn’t really surprising, as it has been highly criticized in the past for letting people who use it to secretly send and receive money. No identity is required for that and this makes it very appealing for con artists. According to a report published by Bloomberg, viruses that make it possible for them to get money at the expense of other computers resources are exploiting the NSA software flaw, with Bitcoin amounting to approximately 8% of the illicit mining and others amounting to 7%. It should be noted that illegal mining could lead to the market being oversaturated, which can result in cryptocurrency prices going down.