Cryptomining is hottest new malware type, research reveals

Skybox Research Lab discovers cryptomining is the fastest-growing malware category, signaling trouble ahead for enterprises

By John Papageorge, Skybox Security OCT 5, 2021

In the Vulnerability and Threat Trends Mid-Year Report 2021, Skybox Research Lab discovered that malware programs exploiting new vulnerabilities grew 20% relative to H1 in almost every category, from ransomware to botnet to trojan attacks. However, cryptojacking has risen up the malware charts faster than a Taylor Swift pop single with a killer hook.

Cryptomining shows that the bad actors behind malware aren’t just malicious; they’re savvy entrepreneurs. So, if you’re in the crypto business and think it’s only wingnuts and mischief makers randomly testing whether they can sneak past your security to show how smart they are, you’re being naive. These bad actors have a business plan, tools and processes to launch attacks designed to exploit vulnerabilities and profit from your gullibility.

Cryptomining is a lucrative activity. And that should scare you.

Today, the only gating factor in the crypto business is the computation required to mine bitcoin and some other cryptocurrencies. But that process is weak, and miners are poaching computing power inside enterprise networks with ready-made exploit kits designed for cryptomining. In some cases, malware-as-a-service providers lease botnets composed of already-infected machines to cryptominers.

Imagine that conversation happening in a dark web side alley: Psst. Hey buddy. Want to lease a crypto malware kit to profit from those suckers?

Cryptomining and ransomware aren’t just two of the fastest-growing malware categories; they also exploit the greatest variety of vulnerabilities, more than all other categories of malware combined. By creating programs that exploit an array of vulnerabilities, malware providers can serve a wider range of customers with a single product. These versatile programs are like Swiss Army knives, multipurpose tools that can be used for a range of exploits.

Many companies have heeded the warnings of cryptomining with their own research. “We found that 69% of organizations experienced some level (at least one end-user instance) of unsolicited cryptomining.” – Cisco[1]

This clearly indicates that malware creators have new vulnerabilities on their radar and are actively developing novel malware to take advantage of the latest weaknesses. Often this is accomplished by simply tweaking existing malware to perform new exploits. In effect, malware evolves like viruses, with new variants springing up opportunistically in response to a changing environment.

Cryptomining has another effect on businesses. Unfortunately, it poses a cybersecurity threat. In a process known as cryptojacking, cybercriminals use malware to covertly gain control of your computers, smartphones, and servers. From there, they can use your device’s processing power as part of their overall mining operation.

Because it operates in the background, you may not notice it’s there. Yet, the effects are destructive. Your processing power is occupied, so your computer slows down. Plus, you’ll pay extra electricity costs to keep the rig running, all while someone else profits from that exploitation. No one wants to be the victim of a parasite.

It’s estimated that as many as 55 percent of global organizations have suffered from cryptojacking, and the threat is becoming more serious than ransomware and other modern-day cyberattack methods.

In response to the cryptojacking threat, enterprises must not only get better at preventing infection in the first place, but also at implementing and enforcing policies that cordon off infected machines and prevent them from exfiltrating data. This consists of identifying potential ingress and egress paths and ensuring proper configuration, access controls and measures such as network segmentation.

To combat crypto attacks, more companies depend upon security solutions that offer powerful exposure analysis capabilities to identify exploitable vulnerabilities and correlate this data with an enterprise’s unique network configurations and security controls. This determines if the system is potentially open to a cyberattack. This includes path analysis used to ascertain which attack vectors or network paths could be used to gain access to vulnerable systems.

[1] 2021 Cybersecurity threat trends: phishing, crypto top the list, Cisco, 2021.