Cryptocurrency mining impacted 42% of organisations worldwide in H1 2018

Earlier this year, Symantec Threat Intelligence revealed that cryptocurrency mining (cryptojacking, cryptomining) operations rose by 1,200 percent in the UK in a matter of a few months. In March, the UK ranked fourth in the world in terms of cryptocurrency mining operations behind the United States, Japan, and France.

Hackers behind such cryptocurrency mining operations not only targeted individual home computers or enterprise systems but also targeted giant servers and cloud infrastructure to mine cryptocurrency.

In February, for instance, a massive cryptocurrency mining operation forced the government to shut down hundreds of websites belonging to the Student Loans Company, several NHS services, and local councils. The operation was carried out by hackers who compromised a widely-used browser plug-in to spread their web to thousands of websites and subsequently mined cryptocurrency using the processing power of infected devices.

Steve Giguere, lead EMEA engineer at Synopsys, then warned that the technique hackers employed in February to mine cryptocurrency through government websites could also be employed for DDoS attacks in the future.

Cryptocurrency mining beats ransomware attacks

It seems his prophecy is now coming true. A new report from security firm Check Point has revealed that the percentage of organisations impacted by mining rose from around 20 percent last year to 42 percent worldwide in the first three months of 2018.

"Motivated by a clear interest to increase the percentage of computational resources leveraged, and crafted to be even more profitable, crypto-miners today target anything that could be perceived as being in their way.

"As a result, we have witnessed crypto-miners targeting SQL Databases, industrial systems, a Russian nuclear plant, and even cloud infrastructure. Crypto-miners have also highly evolved recently to exploit high-profile vulnerabilities and to evade sandboxes and security products in order to expand their infection rates.

"As threat actors become more aware of the lucrativeness of the crypto-business, even more than other exploits, there is almost never a day that goes by without some kind of crypto-threat making the headlines," the firm noted.

Cloud infrastructure the new target

Researchers at Check Point added that hackers behind cryptocurrency mining operations have taken a new liking to cloud infrastructure, considering that cloud servers have vast computational power that can facilitate efficient mining. Well-known attacks on cloud infrastructure in the past few months include the ones on Docker and Kubernetes systems as well as the one on Tesla's internal cloud servers.

"Application Programming Interfaces (APIs) that are used to manage, interact and extract information from services have also been a target for threat actors. The fact that cloud APIs are accessible via the Internet has opened a window for threat actors to take advantage and gain considerable access to cloud applications.

"As time passes, it seems that the cloud’s threats will continue to evolve. Attackers will continue to develop more and more tools for their cloud playground, pushing the limits of the public cloud services. Indeed, as new cloud exploitations emerge, there is no doubt that the next attack is already taking place," they warned.

Statistics released by Check Point revealed that of all organisations worldwide that have been affected by cryptocurrency mining malware this year, 30 percent have been impacted by Coinhive, 17 percent by JSECoin, 7 percent by XMRig, 6 percent by AuthedMine and 3 percent by RubyMiner.

Commenting on the fresh rise in the number of cryptocurrency mining operations, Andy Norton, director of threat intelligence at Lastline, said that cryptocurrencies like Monero have really opened the door for botnet operators to create this trend.

"Monero brought two key things to the criminal arsenal: Firstly it uses the CryptoNight algorithm which is suitable to mine coins on everyday devices, and secondly it uses ring signatures which offer complete anonymity to botnet miners. Recently the botnet operators started adding tried and trusted malware evasion techniques to the mining payloads in order to avoid being blocked by sandbox checks," he said.

Copyright Lyonsdown Limited 2021
