A recent report by the Japanese multinational cyber security and defense company Trend Micro shows an alarming increase in hidden cryptocurrency mining in 2018 compared to 2017. According to Trend Micro’s Midyear Security Roundup, cybercriminals are moving away from extortion programs in favor of stealthier methods of stealing money and seizing valuable computing resources.
“In 2018, we also started detecting only cryptocurrency miner families that have outright malicious behaviors. Despite this distinction, we still saw 47 new cryptocurrency miner malware families. This indicates that different groups, rather than just an invested few, are mobilizing to take advantage of stealthy means to mine cryptocurrency,” explains the report.
Throughout the first half of 2018, hackers used a variety of vectors, including server exploits, a PHP vulnerability, malvertisements, other forms of malware, and even a potential financial scam site, with the end goal of installing miners. This pattern continues the trend seen in 2017, where cybercriminals seemed to be exploring all possible avenues, knocking down multiple paths to see which would bring them the most gains.
Cybercriminals used different tactics to distribute cryptocurrency miners. The above figure shows the timeline of tactics they used in the first half of 2018.
The interest in cryptocurrency is so high that some hackers have gone the direct route to the virtual currency by hacking into large cryptocurrency exchanges. Hackers took off with US$500 million worth of NEM coins by breaking into one such cryptocurrency exchange in January, while hackers in India stole US$3.3 million worth of bitcoins from another in April. Interestingly, these trends persisted even as the value of cryptocurrency itself declined throughout the first half of the year.
From an enterprise point of view, the presence of unauthorized cryptocurrency miners in the network is a red flag not only for the affected individual user device but also for overall network security. The damage from cryptocurrency miners, particularly the intentionally malicious ones, is not as straightforward as the more visceral effects of ransomware, but this does not mean that enterprises do not pay a price. Cryptocurrency miners hijack computer resources, which can be maxed out in the process of mining. This can affect network performance and result in hardware wear and tear, which in turn can lead to a diminished asset lifespan and increased energy consumption. The new challenge for enterprises lies in the fact that cryptocurrency miners are less visible, more silent threats, the non-detection of which is likely to induce a false sense of security.
The full report can be found here: https://documents.trendmicro.com/assets/rpt/rpt-2018-Midyear-Security-Roundup-unseen-threats-imminent-losses.pdf