Right at the start of this year we had a crack at predicting what 2018 might hold in store. Much attention at that time was on Meltdown and Spectre, whose shockwaves continue to reverberate through the industry, with numerous new variants helping to demonstrate that one of the main sources of CPU speed in recent decades came with quite fundamental security baggage that is going to be hard to jettison. But while this was happening a new trend was also developing in more mainstream malware.
Back in 2017, ransomware incidents were big news. WannaCry and NotPetya were among the bigger headline-grabbing ransomware names, part of a series of incidents which brought global disruption and fear. A widespread and hasty locking of stable doors followed, with anti-malware tools adapted and updated quickly and across the board – and as a result we have seen a sharp decline in the amount of ransomware being detected.
At the same time as this heightened awareness of and protection against ransomware came about, cryptocurrencies were growing in popularity, and their use has now spread into the mainstream. This has led hackers to refocus their efforts on cryptocurrency mining malware.
Cryptocurrency is simply the creation of scarce units that are both useful (e.g. for buying things) and unique to one owner at a time. If people agree that these units (often called tokens or coins) are useful and scarce then they take on value – just like fiat or nation-state currencies are relatively useful and scarce, and hence valuable. The mechanism by which cryptocurrencies are given these characteristics does involve the use of cryptography (hiding or encrypting information), and it does involve the controlled, and typically quite slow and difficult, creation of new currency. Just like “mining” say for gold, quite a lot of energy is expended in the process of finding new units – in the case of cryptocurrency that energy is in the form of electricity powering computer chips or CPUs. The amount of energy consumed to process transfers of units between parties (i.e. transactions) and to mine for new units is huge – with Bitcoin alone currently consuming energy equivalent to a country the size of Austria. That all makes mining quite an expensive activity. Cryptojacking is about getting access to the scarce, valuable resource (cryptocurrency) without spending much or anything on the process of getting it – i.e. by using someone else’s electricity instead of your own, and by doing that without asking.
Cryptojacking malware, such as Coinhive and Cryptoloot, has been appearing in increasing numbers over recent months. These types of malware work by using a victim’s computer or server to stealthily mine cryptocurrencies for the attacker’s profit. This might be done by exploiting a server-side vulnerability, such as the Kitty cryptojacker exploiting the Drupalgeddon 2.0 flaw, but can also take the form of JavaScript or WebAssembly code entering a PC via phishing emails or malvertising.
One of the most popular targets of these cryptominers is the currency Monero. Its privacy features in particular make transactions and wallets more difficult to trace, and its algorithm was designed especially for mining on ordinary computers, compared to say Bitcoin which really requires specialised hardware to have any chance of mining successfully.
Cybersecurity statistics for the first quarter of this year show that cryptomining attacks are increasing with alarming speed. Cryptominer variants grew from 93,750 in January to 127,000 in March.
Meanwhile ransomware variants decreased rapidly from 124,320 to 71,540 over the same period. But notwithstanding these stats, it is probably just a matter of time before ransomware re-emerges as a key threat. Despite this decrease in the beginning of 2018, ransomware is still lurking around and will no doubt reappear upon the discovery of an enticing new vulnerability to exploit.
In the meantime, our focus needs to shift to the risks now posed by cryptojackers. To protect yourself against cryptomining attacks, you should:
- Regularly update all software and apply vulnerability patches for your operating system
- Use up-to-date anti-malware solutions
- Enhance security awareness for all your staff in terms of email safety
- Never install applications from an untrusted source
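For site owners, one further check is to audit your own pages for the script-based miners described earlier. The sketch below is an added example, not code from this article: it flags script tags that reference the miner families named above or that load WebAssembly. The substring indicators, the `audit_html` helper and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Family names are taken from the article; treating them as substring
# indicators is an assumption for illustration, not a complete list.
MINER_NAMES = ("coinhive", "cryptoloot")
# WebAssembly entry points. Legitimate sites use these too, so a hit is a
# prompt for manual review rather than proof of mining.
WASM_CALLS = re.compile(r"WebAssembly\.(instantiate|instantiateStreaming|compile)\b")

class ScriptAudit(HTMLParser):
    """Collects (kind, indicator, evidence) tuples for each <script> tag."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._inline = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script, self._inline = True, []
        src = dict(attrs).get("src") or ""
        for name in MINER_NAMES:
            if name in src.lower():
                self.findings.append(("external-miner-name", name, src))

    def handle_data(self, data):
        if self._in_script:
            self._inline.append(data)  # only text inside <script> is kept

    def handle_endtag(self, tag):
        if tag != "script" or not self._in_script:
            return
        self._in_script = False
        body = "".join(self._inline)
        for name in MINER_NAMES:
            if name in body.lower():
                self.findings.append(("inline-miner-name", name, body.strip()[:60]))
        match = WASM_CALLS.search(body)
        if match:
            self.findings.append(("inline-wasm", match.group(0), body.strip()[:60]))

def audit_html(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one benign script, one miner-named script, one WASM loader.
SAMPLE = """<html><head>
<script src="/static/jquery.min.js"></script>
<script src="https://cdn.example.invalid/lib/CoinHive.min.js"></script>
<script>fetch('/a.wasm').then(r => WebAssembly.instantiateStreaming(r));</script>
</head><body><p>coinhive mentioned in body text only</p></body></html>"""
```

Run it over pages as they are actually served rather than over templates, since an injected script will only appear in the delivered HTML.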
Speak to phew! today about protecting you and your business against hacking and cryptomining.