The Next Level Network Blog

IT Management, Security, Compliance for Regulated Firms

Crypto Mining Tools Are Overtaking Ransomware Attacks as a Cyber Threat

Longer-term Payoffs, Lower Tech Skill Requirements Motivating More Bad Actors

A new cyber threat – crypto mining – began in 2017, accelerated in 2018 and is exploding in 2019, overtaking ransomware attacks to become one of the most prolific threats out there. More correctly termed ‘crypto jacking’ when used for nefarious purposes, crypto mining, when used legally, is a part of the cryptocurrency ecosystem that helps to keep track of ‘blocks’ of cryptocurrency as they’re created. Legitimate crypto miners use crypto mining tools on their computers that may earn them a few pennies for their efforts to help maintain and/or increase the value of cryptocurrencies.

Of course, clever hackers have developed crypto mining (crypto jacking) tools that can multiply these efforts thousands of times to yield six-figure and seven-figure paydays. This is complicated stuff to understand so let’s back-track to a couple of definitions.

According to Norton, the anti-virus folks:

Crypto jacking is the unauthorized use of a computer, tablet, mobile phone, or connected home device by cybercriminals to mine for cryptocurrency, a form of digital currency that can be used in exchange for goods, services, and even real money. Users can “mine” it on their computers by using special programs to solve complex, encrypted math equations in order to gain a piece of the currency.

In the above definitions, Norton’s reference to ‘users’ is to legitimate users. The crypto currency they mine goes into digital ‘wallets’ that they control and can access.

Cybercriminals mine cryptocurrencies by placing crypto mining malware onto unsuspecting devices or onto websites that then deliver them to visitors via their browsers.

Why Is Crypto Jacking Overtaking Ransomware?

There are a few key reasons that hackers are choosing crypto jacking over ransomware attacks.

First, crypto mining/jacking is the gift that keeps on giving. Ransomware attacks are one and done. Crypto mining tools are very difficult for victims to detect. They can sit on a device and mine cryptocurrencies indefinitely.

Second, defenses against ransomware attacks have been developed, making them less successful. For every 50 or so devices infected with ransomware, maybe only two or three actually pay the ransom to unlock their files. The others have backed up or otherwise protected their files and data so that they can simply wipe the device and reload it. In the case of crypto mining, virtually every infected device delivers a return.

Third, crypto mining tools enable hackers to ply their trade with fewer technical skills than are required for ransomware attacks. Hackers can buy crypto mining ‘kits’ on the dark web for as little as 30 dollars. They install right out of the box with little need for additional coding.

How bad is it? In 2018, crypto jacking had grown from almost nothing in 2017 to represent about 10 percent of all cyber attacks. And it’s growing. It’s so competitive that some hackers have developed special tools for detecting and destroying other hackers’ crypto tools on devices that they invade. They have also detected vulnerabilities in legitimate crypto mining tools that they exploit. Wow!

How Does It Work?

Crypto jacking works in two ways. Either the hacker introduces malware directly to the laptop or other device, or victims pick up bad code when they surf to websites infected for the purpose of introducing bad code into a visitor’s web browser. In the first case, hackers use email ruses or phishing schemes to deliver the malware. In browser-based attacks, in addition to directly infecting the browser, code may also be delivered in re-marketing ads served up after the web visit.

(Here’s where we get on our soap box and say, once again, that user training is the key to avoiding these attacks. Two exclamation points!!)

Once the crypto mining tools are introduced, they hijack a device’s processor power to perform the ultra-complex mathematical problem solving that is at the heart of crypto mining. Solving these mathematical problems offers a miner access to blocks in the cryptocurrency blockchain – the continuous block building of cryptocurrency that codifies every single quantity of cryptocurrency ever created.

Although they’re using someone else’s device, the hackers’ crypto mining codes enable them to route the cryptocurrency they mine to their own digital wallets. They have a serious preference for cryptocurrencies like Monero that can’t be traced back to the miner – as opposed to trackable currencies like bitcoin.

How Do You Tell If You’ve Picked Up Crypto Malware

Unlike ransomware in which files just lock up so that you can’t access them and a ransom request pops up your screen, you may not have any idea that your laptop, phone, tablet or smart device has been infected with crypto mining code.

The only way you might be able to tell is if your computer or device processes slow down significantly. A slow-down happens if the crypto mining tools suck up too much of your device’s processing power to perform their mathematical magic acts.

And you may never experience such a slow-down. Wily crypto hackers have developed tools that can detect mouse movements and keystrokes and only initiate mining when you stop using your device. This reduces the chance of overload or the possibility of detection.

There are tools for Windows, iOS and android systems for detecting which processes, files or browser tabs may have been affected. But hackers have figured ways to spoof processes and come up with other tricks that can eat up valuable IT and network management time and resources trying to find bad code. It pays to avail yourself of expert services to use the right tools to rid your system of crypto mining malware.

Even if you never experience a serious slow-down, you just don’t want any foreign code on your devices or your network. It pays to scan for them periodically.

As mentioned earlier – and in almost everything we post on the topic of cyber security – user training is key to protecting your company’s data and reputation for keeping client information and assets secure. If you’d like to speak with Soundshore Technology Group’s cyber security experts, send an email to sales@soundshore.net. We’ll be happy to help. While you’re here, please take a look at our full array of cyber security services.


Topics: Ransomware, Soundshore Technology Group, Crypto Mining Tools