What drives the online cryptomining business
Over the past six months, we’ve seen a major increase in the number of attack campaigns with the ultimate goal of mining cryptocurrency. So, what is driving a widespread shift from attackers and creating a significant trend in the industry?
Ryan Olson, Intelligence Director at Palo Alto Networks, identifies three factors at work:
The price of many cryptocurrencies has increased dramatically in the last 12 months, making it more profitable to mine coins compared to other criminal business models.
The risk of using a compromised PC to mine cryptocurrency is currently much lower than using it for other criminal activities.
One particular cryptocurrency, Monero, provides its users with very high privacy and can be mined efficiently on a regular desktop or laptop PC. These properties are not true of other cryptocurrencies, like Bitcoin.
For more depth, it’s important to put yourself in the criminal’s shoes and consider alternative routes they take to monetise infections. Here’s how this trend came to fruition, why it’s so prevalent, and how security professionals and defenders can keep an eye out for this rising type of threat.
How attacks monetise infections
While targeted attacks gain the most attention from researchers and media, the majority of infections are untargeted and even indiscriminate. Instead of seeking out specific targets, many criminals aim to infect as many systems as possible and then turn those infections into cash.
In the early 2000s, “botnet herders” made income by relaying spam emails through infected PCs. Over time, that business became less profitable due to antispam controls.
As anti-fraud protections evolved, so did the criminals. 2013 gave rise to ransomware, which represented both increased efficiency and decreased risk in monetising the infection.
Where are we Now?
In the last two years, particularly in the last six months, the price of bitcoin and other cryptocurrencies experienced a massive surge. Bitcoin, over the last two years, shows a rise of 2,000 per cent to 4,000 per cent versus the US dollar. While botnets mining cryptocurrency is nothing new, the technique was much less profitable than using ransomware. In fact, with the rise of specialised Bitcoin mining hardware, no regular PC can make any significant amount of money for an attacker.
However, there are many other “crypto coins” on the market today. The one we see mined most by attackers is called Monero, which was designed to enable private transactions using a closed ledger, and whose mining algorithm still runs effectively on both PC CPUs and GPUs. Monero has risen even faster than bitcoin in price in the last two years, with more than a 30,000 per cent gain in US dollars.
What’s Next?
This wave of attacks will continue as long as it maintains a high level of profitability with a low level of risk for cybercriminals.
For defenders, it’s important to note that the techniques used to infect systems with coin mining malware are the same as they were for ransomware. Infections typically begin with emails carrying malicious macro documents, drive-by exploit kits targeting browsers, or direct attacks on servers running vulnerable software. There is no single solution to stopping these attacks, but the same technologies and policies you use to prevent other malware infections will be effective.
Across the changing landscape of botnet herders, banking Trojans, ransomware and coin mining is one constant: the business-savvy drive to maximise profit and reduce risk. Using the above points as our guide, we can make sense of where we are today, and prepare for the future.