Cryptominers More Lucrative, Lower Risk Than Ransomware

Sivan Nir Mar 28, 2019

If 2017 was the year of high-profile data breaches and ransomware attacks, 2018 seems to be the year of cryptocurrency-related malware. Cryptominers managed to impact 23 percent of organizations globally.

Cryptomining is relatively new, and not all of it is purely malicious. Some cryptominers are considered to be legitimate techniques to gain cryptocurrency, akin to placing ads on a website.

  • What is Cryptomining?

Essentially, cryptomining uses computational power to create new blocks in the blockchain of cryptocurrencies like Bitcoin. As more blocks are added to the chain, more power is needed. Cryptomining starts entering malicious territory when it uses other’s computational power without their explicit permission.

Confused? Cryptocurrencies are designed to be complicated in order to maintain integrity and avoid devaluation. If you want a quick crash course in all things cryptocurrency, blockchain and cryptomining, check out this IT Pro article.

During 2017, the cryptocurrency market grew nearly 20-fold (yeesh!). As of today, there are 1,555 different types of cryptocurrencies. And this continued rise has caught the eye of financially motivated threat actors.

  • Malicious Cryptomining Purely for Financial Gain

Cybercriminals have taken an interest in utilizing the computing resources of compromised systems to mine cryptocurrency. They’ve targeted Windows servers, laptops, Android devices and even IoT endpoints. And cryptominers have become their own class of malware, including cryptominer-dedicated applications, browser-based apps and cryptocurrency wallet stealers.

Compared to other types of malware, unauthorized cryptomining on a host is often undetected or shrugged off as a nuisance. Being able to fly under the radar means less risk for cybercriminals, and the longer they go undetected, the more cryptocurrency they can mine. It’s this longevity of profit that’s making cryptomining rival one-time ransomware payments.

  • Move Over BitCoin, Monero is for Malicious Cryptominers 

Despite the publicity BitCoin has received in recent months, Monero seems to be threat actors’ cryptocurrency of choice. Monero (which means “coin” in Esperanto, for all you constructed international auxiliary language buffs out there) is a decentralized cryptocurrency that grew from a fork in the ByteCoin blockchain. It’s open source and crowdfunded.

Unlike Bitcoin, Monero mining can be performed by computers with less computational power, making it a prime target for a mining-bot made up of standard corporate computing assets. XMRig is a legitimate, open-source XMR miner with multiple updated versions that supports both 32-bit and 64-bit Windows and Linux operating systems, and is commonly used in cryptomining malware, including to mine Monero.

  • Why is Unauthorized Cryptomining a Problem?

In an enterprise environment, unauthorized or malicious cryptomining can have a major impact. Its consumption of computational resources can cause business-critical assets to slow down or stop functioning effectively. It also leaves an open door to let in other, more destructive or disruptive malware that can spread throughout an organization.

  • How You Can Stay Safe

Cryptomining malware often relies on vulnerability exploits. Patching those vulnerabilities — especially on high-value servers — is the best first step.

You can also block browser-based cryptomining software by installing a plugin to warn you when a site is trying to use your machine to mine or that blocks the mining domains.

Lastly, individuals should be vigilant (as always) to avoid phishing emails with suspicious links and attachments; double check the wallet address you’re sending cryptocurrency to; and don’t download mobile apps from any source other than the official app store.

Related Posts

The Cryptomining Malware Family: Cryptomining malware comes in many shapes and sizes, from browser-based software to cryptocurrency wallet stealers and dedicated applications

Top Malware in 2018 — What to Watch For: Skybox’s new Vulnerability and Threat Trends Report lays out the top malware and points to the trend of hybrid, changeling malware

6 Vulnerabilities to Follow in 2018, According to Skybox Research Lab: Skybox’s new Vulnerability and Threat Trends Report lays out the vulnerabilities to play a major role in 2018’s threat landscape

Sivan Nir is a senior analyst in the Skybox Research Lab, a team of dedicated vulnerability researchers who aggregate and analyze vulnerability data from more than 30 public and private vulnerability data sources. Sivan has more than 10 years’ experience  in business intelligence data analysis. Sivan holds an MBA and a bachelor’s degree in Biotechnology Engineering.

Recent Posts

Skybox 2021 Vulnerability and Threat Trends Report reveals emerging security challenges and growing need for exposure analysis
Read More
Biden Cybersecurity Executive Order
Read More
CISA Alert – Top routinely exploited vulnerabilities
Read More
3 trends shaping security posture management for 2021
Read More
Skybox Q&A: CRO Rob Rosiello identifies today’s and tomorrow’s top cybersecurity issues as the world reopens
Read More
Post-pandemic cyber threats
Read More