Cryptocurrency mining attacks have gone through the roof, a report from Symantec dated April 10 indicates. The attacks, also known as cryptojacking, have gone up a record 8,500% as criminals seek to harness the computing power of the crowd to mine coins. Symantec logged 1.7 million in December alone.
Cryptojacking involves using the computer resources of another person to mine coins without their knowledge. The process typically consumes a lot of electricity and compromises a computer’s performance.
2017 was yet another year of extraordinary cyber crime and mounting damage, Symantec says. Criminals are becoming more organised, innovative and sophisticated, the security company says in its latest report.
According to David Rajoo, Symantec’s systems engineer director for the Philippines, Malaysia and Indonesia, “Cryptojacking is a rising threat to cyber and personal security.”
“The massive profit incentive puts people, devices, and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers,” Rajoo said.
“Coin mining slows devices and overheats batteries. For enterprises, coin miners put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost,” the Symantec report says.
IoT Devices Ripe Target
IoT devices are a ripe target for such attacks, the report notes. “Symantec™ already found a 600 percent increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse.”
Interestingly, ransomware attacks have gone down although they have become more varied. This could indicate that criminals are finding mining more profitable.
It could also mean they have found more efficient tools. WannaCry was the most prominent and widespread ransomware attack. Several high-profile institutions were hit by the service-denial attack, including the UK’s NHS and prominent shipping companies. The hackers demanded payment in cryptocurrencies.
According to Symantec, ransomware variants climbed by just 46%, which it says shows that criminals are innovating less but remaining productive.
Google recently banned new cryptocurrency mining extensions over similar concerns. Existing ones will be pulled down from the Web Store by the end of June, according to the tech giant. Google made the blanket decision after discovering that a high number of extensions containing crypto miners were mislabelled.
Spear Phishing Main Mode of Attack
Spear phishing is the most popular way attacks are launched, accounting for 71%, according to Symantec. It involves sending mail with malicious software designed to steal information from users.
Customers are advised not to open suspicious emails, and to delete them, as a way of avoiding attacks.
Spear phishing is a low-tech method but remains highly effective. The US remains a major target for such attacks.
Attacks Through Supply Chain
Attacks through software supply chains went up 200% in the last year. This method involves implanting malware into legitimate software and leaving it in its usual online distribution location.
As vulnerabilities become rare, attackers are increasingly using this method as an entry point. The Petya/NotPetya attack, in which Ukrainian accounting software was used as a launchpad, is a case in point.
From Ransomware to Cryptojacking
The ransomware market seems to have shrunk since 2016 and the focus shifted to crypto-mining in 2017 as an alternative. Ransom demands, for example, dropped by half to $522 in 2017, Symantec points out.
Bitcoin mining is not a viable option on small computers due to the sheer computing power needed. Alternative cryptocurrencies like Monero can, however, be easily mined on ordinary personal computers. Monero also has the advantage of anonymity.
Browser Mining Saw Biggest Jump
Browser-based mining saw the biggest jump in 2017. This happens inside a browser and is “implemented using scripting languages.”
The launch of browser-based mining by Coinhive spurred interest in this area. In this model, users are given the option of running mining scripts on their computers instead of having to view adverts.
While users are urged to be transparent, Coinhive “is somewhat powerless to prevent unscrupulous operators from using it to carry out secret mining with the hope that users won’t notice.”
Browser-based mining requires little skill and can be carried out even on some of the most protected computers.
As most users may not realise their computers are mining coins, the option presents a less disruptive way of earning easy money for attackers.
8 Million Mining Events Blocked in December Alone
Symantec blocked 8 million coin mining events in December alone, marking an increase of 34,000 per cent since January 2017.
“Coinminers made up 24 percent of all web attacks blocked in December 2017, and 16 percent of web attacks blocked in the last three months of 2017, demonstrating the big impact of these browser-based coinminers,” Symantec said.
Consumer machines were the most affected. Browser-based miners work best on sites where consumers spend the maximum amount of time. Because the mining is browser-based, it also works across several platforms, whether Windows or Mac.
“Just as they are not limited to one operating system, cybercriminals distributing coin miners do not seem to be limited to using just one distribution vector. In the latter part of 2017, there were multiple reports of campaigns spreading coinminers.”
Attackers use different distribution channels, including deploying miners to unpatched machines and using Facebook and Messenger to install a Monero miner on compromised WordPress sites. One such attack is said to have generated $100,000 before it was discovered.
Mobile malware continues to grow with variants up 54% in 2017.