It’s quite evident how these days, attacks assume new forms along with transformations in the types of services that are widely used by consumers in a given period of time. Needless to mention, malware or malicious activities will find their presence in new applications and services as they evolve to occupy a prominent position in people’s lives.
Stats indicate that cryptocurrency mining has gone up in an over-exponential way over the last quarter and there’s no doubt about the fact that 2018 will be dominated by malicious mining. As the popularity of cryptocurrencies such as Bitcoin begins to rise, cybercriminals will try to leverage all possible opportunities, including mining attacks through browser and scams, to get access to people’s crypto wallets. Any type of market statistics show an increase in malware detections that have been observed over the last quarters, which further reinforces the fact that cryptocurrency mining scams are on their way to emerge as the leading threat to businesses in times to come.
Things are taking a rather ugly turn as new patches are getting introduced to combat vulnerabilities resulting from Spectre and Meltdown CPU security pitfalls. Fraudsters are capitalizing on the scenario and launching social engineering swindles. It is quite alarming to note that cybercriminals operating in the cryptocurrency mining space are using false support numbers to trick Coinbase users into sharing their credentials. Cryptocurrencies have been becoming popular over time and they are mainly used to facilitate genuine transactions, but unfortunately, at present, cyber fraudsters have put their reputation at stake. Regrettably, the benefits commonly associated with these decentralized, digital currencies are now being misused to launch successful money scam attempts.
As Bitcoin and other cryptocurrencies continue to rise in popularity, malware creators and distributors around the globe focus their efforts in the cryptocurrency mining sphere to squeeze money out of people’s accounts. Alarmingly, over the last quarter, incidents of malicious cryptocurrency mining have been detected in all platforms including mobile devices, browsers, and operating systems. The advent of new cryptocurrencies that can be mined by personal computers has further triggered a spur in malicious activities. Apart from Bitcoin users, users of other alternate currencies such as AEON, Monero, and ByteCoin are also getting victimized. What’s even worse is that cybercriminals are attacking digital currency platforms and crypto wallets as well. The hacking of NiceHash in December of last year stands as a typical example of such fraud and, in fact, it is noted as the largest-ever bank robbery so far.
Cybercriminals are using diverse and innovative methods to distribute cryptocurrency miners. Some are malware-based miners that are distributed through mail spam, malicious APKs, and exploit kits. The browser-based attacks are mainly launched through drive-by attacks, malicious extensions or through activities to mine users’ systems without their approval. Fraudsters are even deploying ethical cryptocurrency mining to lure users into getting their CPU or GPU mined to benefit from an ad-free website experience.
Sounds strange? It’s true. Keep reading as we discuss more stats and facts in the next blog.
Read “2017-2018 Global Application & Network Security Report” to learn more.
Fabio is Technical Director EMEA-CALA, responsible for Systems Engineering in the theater. With a long experience, he began his career in software development for aerospace systems before getting into IT vendor ecosystem with Bay Networks/Nortel and Juniper Networks, up to being Technical Director EMEA for the Telecom, Cloud and Content businesses. Fabio writes about technology strategy, trends and implementation.