Light Dark
July 9, 2018 By David Bisson 3 min read

Crypto-mining malware activity grew significantly in the first quarter of 2018, according to new research, suggesting that threat actors are finding this tactic to be more lucrative than traditional ransomware attacks due to the increasing popularity and value of digital currencies.

But this shift doesn’t signal an end to the threat of ransomware — rather, it points to an evolution toward more targeted attacks against specific organizations and industries, such as healthcare, that are most vulnerable and store particularly valuable data.

Cybercriminals Shift Tactics Amid Cryptocurrency Gold Rush

In short, this new trend shows that cybercriminals follow the money. Amid the rising popularity of cryptocurrencies like bitcoin, Monero and Etherium, threat actors have embraced crypto-mining schemes as a way to generate illicit financial gains with the least amount of effort, in the shortest time possible — and at a relatively low risk of discovery.

According to McAfee Labs Threats Report: June 2018, researchers observed more than 2.9 million samples of crypto-mining malware in the first quarter of 2018 — a 629 percent increase from just 400,000 samples in the last quarter of 2017.

“Cybercriminals will gravitate to criminal activity that maximizes their profit,” said Steve Grobman, chief technology officer (CTO) at McAfee, in a June 2018 press release. “With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”

Troy Mursch, the security researcher behind the website Bad Packets Report, noted that the industry is seeing so many JavaScript-based crypto-miners because most modern browsers run JavaScript. This means that nearly every web user is a target of malicious crypto-jacking attacks.

Alternatively, attackers can maximize their computing power by infecting a server or other network asset with crypto-mining malware. This tactic makes enterprise networks particularly lucrative targets for crypto-jacking campaigns. Also, browser-based crypto-mining doesn’t require attackers to craft an exploit — and the action usually goes undetected so users might not know they’ve been infected for some time.

Why Ransomware Is Down but Not Out

These characteristics of crypto-mining could explain why some attackers have moved away from traditional ransomware. Victims also know when they’ve suffered a ransomware infection and can respond accordingly, which demotivates potential attackers.

But the fact that opportunistic attackers are leaving ransomware behind doesn’t mean the threat is over and done — it’s merely changing. For instance, threat intelligence provider Recorded Future noted that ransomware attack campaigns are becoming more targeted in nature. This is evident in ransomware actors’ penchant for going after healthcare, an industry in which resource deprivation can threaten people’s lives and trigger urgent responses. According to insurance company Beazley Group, healthcare targeting accounted for 45 percent of all ransomware attacks in 2017.

Attackers are also beginning to leverage the mere threat of high-profile ransomware to extract payment. Action Fraud, the U.K.’s cybercrime reporting center, detected one such scam campaign warning users that they had been infected with WannaCry. In actuality, the emails simply aimed to scare recipients into sending a bitcoin payment, limiting the necessity of even distributing malicious software to obtain its gains.

How Companies Can Defend Against Crypto-Mining Malware

Amid the growth of crypto-mining malware and the ongoing evolution of ransomware, enterprises can defend themselves against crypto-mining malware by investing in an endpoint security solution and creating a patch management program.

Because ransomware relies on suspicious emails and software vulnerabilities for distribution, users can guard against its primary attack vectors by following best security practices. Organizations can further defend themselves by regularly updating antivirus software and training employees to refrain from engaging fraudsters over email.

 |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature