Cryptomining has emerged as a powerful security threat, rising in volume in conjunction with the explosion in cryptocurrency values in recent months. Cryptomining software takes over personal computers, mobile devices and Internet of Things (IoT) devices in order to turn them into nodes on large networks, which create cryptocurrencies. Mining involves solving complex mathematical problems to validate transactions, and receiving a financial reward in return. Compromising a device for mining doesn’t necessarily involve an infection; developers have worked out ways to hijack client machines from within a browser window.
Cisco Talos just released a report on the new security threat cryptomining poses, stating, “mining related attacks have emerged as a primary interest for many attackers who are beginning to recognize that they can realize all of the financial upside of previous attacks, like ransomware, without needing to actually engage the victim and without the extraneous law enforcement attention that comes with ransomware attacks.”
Adversaries have been fostering new kinds of attack, which take advantage of the massive growth in the cryptocurrency sector, delivering cryptocurrency mining software to their victims in order to leverage the resources of infected systems for cryptocurrency mining. The better the computing power and performance of the targeted system, the more profitable it could be for the attacker.
IoT devices are becoming an increasingly attractive target because of their lax monitoring and lack of day-to-day engagement by users. Despite their relatively small computing power per device, the collective numbers of IoT devices that can be infected is high. Talos estimates that an adversary who had managed to enlist 2,000 devices into a botnet could earn $182,500 per year; and those with botnets comprised of millions of infected systems, could generate over $100M per year theoretically. Due to volatility in the cryptocurrency markets, these values may vary considerably day by day.
“It’s extremely hard to detect,” Alex Vaystikh, chief technology officer at SecBI Ltd., told Silicon Angle. “It’s basically a denial-of-service attack against your CPU.”
As detection is unlikely, these types of revenue stream could potentially continue indefinitely. The mining software isn’t technically malware, so the victims could remain a part of an adversary’s botnet for as long as the attacker requires them.
Last month, security experts from Palo Alto Networks uncovered a cryptocurrency mining operation, which had compromised 30 million systems from around the world using the open-source XMRig utility, to mine the cryptocurrency Monero over a four-month period.
Talos notes that the rise in cryptomining comes as ransomware’s popularity declines as systems and technology gets better at detecting and blocking ransomware efforts. Talos has observed that payloads are shifting from ransomware to cryptocurrency mining software, particularly in China and Russia.
Malwarebytes also recently reported the same finding: cryptomining is on track to surpass ransomware as the fastest growing form of malware.
“It’s a more sensible and straightforward way to make money without the trouble of encrypting files,” the report says. “You don’t need to bypass detection, and if you stay for 10 minutes you can generate 10 cents.”