Posted By SKYBOX SECURITY
If 2017 was the year of high-profile data breaches and ransomware attacks, 2018 seems to be the year of cryptocurrency-related malware. Cryptominers managed to impact 23 percent of organizations globally.
Cryptomining is relatively new, and not all of it is purely malicious. Some cryptomining is considered a legitimate way to earn cryptocurrency, akin to placing ads on a website.
Essentially, cryptomining uses computational power to create new blocks in the blockchain of cryptocurrencies like Bitcoin. As more blocks are added to the chain, more power is needed. Cryptomining starts entering malicious territory when it uses others’ computational power without their explicit permission.
Confused? Cryptocurrencies are designed to be complicated in order to maintain integrity and avoid devaluation. If you want a quick crash course in all things cryptocurrency, blockchain and cryptomining, check out this IT Pro article.
During 2017, the cryptocurrency market grew nearly 20-fold (yeesh!). As of today, there are 1,555 different types of cryptocurrencies. And this continued rise has caught the eye of financially motivated threat actors.
Cybercriminals have taken an interest in utilizing the computing resources of compromised systems to mine cryptocurrency. They’ve targeted Windows servers, laptops, Android devices and even IoT endpoints. And cryptominers have become their own class of malware, including cryptominer-dedicated applications, browser-based apps and cryptocurrency wallet stealers.
Compared to other types of malware, unauthorized cryptomining on a host is often undetected or shrugged off as a nuisance. Being able to fly under the radar means less risk for cybercriminals, and the longer they go undetected, the more cryptocurrency they can mine. It’s this longevity of profit that’s making cryptomining rival one-time ransomware payments.
Despite the publicity Bitcoin has received in recent months, Monero seems to be threat actors’ cryptocurrency of choice. Monero (which means “coin” in Esperanto, for all you constructed international auxiliary language buffs out there) is a decentralized cryptocurrency that grew from a fork in the Bytecoin blockchain. It’s open source and crowdfunded.
Unlike Bitcoin, Monero mining can be performed by computers with less computational power, making it a prime target for a mining bot made up of standard corporate computing assets. XMRig is a legitimate, open-source XMR (Monero) miner with multiple updated versions that support both 32-bit and 64-bit Windows and Linux operating systems, and it is commonly used in cryptomining malware to mine Monero.
In an enterprise environment, unauthorized or malicious cryptomining can have a major impact. Its consumption of computational resources can cause business-critical assets to slow down or stop functioning effectively. It also leaves an open door to let in other, more destructive or disruptive malware that can spread throughout an organization.
Cryptomining malware often relies on vulnerability exploits. Patching those vulnerabilities — especially on high-value servers — is the best first step.
You can also block browser-based cryptomining software by installing a browser plugin that warns you when a site is trying to use your machine to mine, or that blocks the mining domains.
Lastly, individuals should be vigilant (as always) to avoid phishing emails with suspicious links and attachments; double-check the wallet address you’re sending cryptocurrency to; and don’t download mobile apps from any source other than the official app store.
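A host-side triage check for the XMRig miner named above, as an added example that is not part of the original post: it scans process command lines for XMRig's name, Stratum pool URLs and XMRig options, so a renamed binary is still caught by its arguments. The process list, pool host and wallet placeholder are constructed, and the choice of indicators is an assumption of this example.

```python
import os
import re
import shlex

STRATUM_URL = re.compile(r"stratum\+(?:tcp|ssl)://", re.IGNORECASE)
MONERO_ALGO = re.compile(r"^(?:rx|cn)/", re.IGNORECASE)  # RandomX / CryptoNight families

def tokenize(cmdline):
    """Split a command line; fall back to whitespace if quoting is broken."""
    try:
        return shlex.split(cmdline)
    except ValueError:
        return cmdline.split()

def option_value(argv, names):
    """Value of the first option in `names` ('--x v' or '--x=v'), else None."""
    for i, tok in enumerate(argv):
        key, sep, val = tok.partition("=")
        if key in names:
            return val if sep else (argv[i + 1] if i + 1 < len(argv) else "")
    return None

def miner_indicators(cmdline):
    """Return the names of the XMRig-style indicators found in one command line."""
    argv = tokenize(cmdline)
    if not argv:
        return []
    hits = []
    if "xmrig" in os.path.basename(argv[0]).lower():
        hits.append("binary-name")
    if STRATUM_URL.search(cmdline):
        hits.append("stratum-url")
    if option_value(argv, {"--donate-level"}) is not None:
        hits.append("donate-level")
    algo = option_value(argv, {"-a", "--algo"})
    coin = option_value(argv, {"--coin"})
    if (algo and MONERO_ALGO.match(algo)) or (coin and coin.lower() == "monero"):
        hits.append("monero-algo")
    return hits

# Constructed sample process list (pid, command line); not from a real host.
SAMPLE_PROCESSES = [
    (412, "/usr/sbin/sshd -D"),
    (2231, "/opt/tools/xmrig -o pool.example.invalid:3333 -u WALLET_PLACEHOLDER"),
    (2307, "/tmp/.cache/kworkerds --url=stratum+tcp://pool.example.invalid:3333 --donate-level 0 -a rx/0"),
    (2410, "curl -o report.pdf -u alice https://intranet.example.invalid/report"),
]

def find_miners(processes):
    """Map pid -> indicators for every process with at least one hit."""
    return {pid: hits for pid, cmd in processes if (hits := miner_indicators(cmd))}
```

A hit is a lead for triage rather than proof, since XMRig is also run legitimately; confirm against whether mining is authorized on that host.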