One significant insight contained in the report is that cybercriminals who previously favored the use of malware and ransomware to shake down their victims are increasingly looking toward digital coin mining as a new frontier.
Explaining the new threat, an excerpt from the Trends Micro report reads:
“Throughout the next few months, we also saw a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining. These damaging threats — from the miners that quietly leech power from victims’ devices to the dangerous vulnerabilities that leave machines open to covert attacks — split limited security resources and divide the focus of IT administrators.”
A cryptojacking attack, while often escaping detection by network security personnel and users can have debilitating consequences for a network or computer equipment such as increased response time and extreme lags, physical degradation of hardware due to increased workload and overheating, and power usage spikes.
The attack is quite devastating because it makes use of a computer system’s graphics processing capability instead of its processor, which slows down a system’s operating speed with serious effects, particularly for an enterprise level computer operation.
The report states that as predicted in 2017, detection of cryptojacking incidents and attempts has increased twofold, and more pertinently, it continues to expand as cybercriminals increasingly see a future in digital currency crime. According to the report, not only is the number of incidents going up, but the number of cryptojacking malware families is also increasing, which shows that bad actors are investing considerable amounts of time and resources in developing cryptojacking as a new area of criminal enterprise.
The security roundup reveals that between January and July 2017, Trend Micro’s researchers documented a 141 percent increase in unauthorized crypto mining incidents. Over the same period, they also found 47 new cryptojacking malware families as hackers evolved and changed their mode of operation.
Strategies used for gaining access to systems to mine crypto included inserting malvertising into Google’s DoubleClick ad program, injecting infected advertisements into websites, deploying Adware downloader ICLoader, and even uploading mining script to AOL’s ad platform.
Over the course of 2018, there have been several reports of cryptojacking incidents affecting hundreds of websites including government websites and high profile platforms by cybercriminals mining Monero. Monero generally remains the cryptocurrency of choice for crypto jackers because it offers almost total anonymity as well as market liquidity.
It is challenging catching crypto jackers by tracing Monero wallet funds. This is because they use crypto blending services to launder their crypto funds before withdrawing them. To avoid becoming victims of cryptojacking, it is recommended that network security administrators should regularly look out for power usage spikes, unusual power usage patterns or other unauthorized activity on their networks.