Report Finds Cryptojacking Still a Threat, But for How Long?
A new report from the Cyber Threat Alliance (CTA) examines the unauthorized use of computers to mine cryptocurrencies, otherwise known as cryptojacking. It’s a phenomenon that has grown rapidly since 2017, but with the fall of crypto markets, it’s unclear whether the trend will continue.
Subscribe to the Bitsonline YouTube channel for great videos featuring industry insiders & experts
Cryptojacking Increased by 459 Percent Since 2017
The CTA is an industry group dedicated to helping its members detect and respond to cybersecurity threats, and includes well-known cybersecurity firms such as Symantec, McAfee, Palo Alto Networks, and Juniper Networks.
The CTA’s new report, “The Illicit Cryptocurrency Mining Threat,” found that cryptojacking has increased by 459 percent since 2017, according to member data. The largest recorded increases in cryptojacking malware detections came during the winter of 2017-2018, when cryptocurrency markets were at their peaks.
While perhaps not as serious a security threat as ransomware or banking trojans, cryptojacking malware can still lead to increased electricity bills, hardware damage or wear, and decreased system performance. The leaking of the U.S. National Security Administration (NSA) EternalBlue Windows exploit in 2017, has also been an avenue for the attempted spread of cryptojacking malware.
And it’s not just personal computers that are at risk, as the report points out. Routers, smart TVs, cable boxes, and DVRs–including those running versions of Google’s Android software–have also been targeted. The widespread availability of pool mining has helped to enable this trend, the CTA notes.
Existing Malware Being Repurposed
The report notes that existing malware has also been repurposed for cryptojacking. Mirai, which is able to turn networked devices into botnets capable of launching distributed-denial-of-service (DDOS) attacks, has been rewritten to enable mining. Also, some forms of ransomware, such as BlackRuby, are adding cryptojacking software like XMRig to their packages.
Web browser-based cryptocurrency miners such as Hive still remain popular. The report notes that a July 2018 search using PublicWWW found 23,000 websites running the Coinhive source script.
The sophistication of some of the cryptojacking software is also impressive. Some are designed to only use a fraction of the host system’s CPU to avoid detection, and the MinerGate family of malware will suspend operations if they detect signals that a human user is present, such as the mouse being used.
But With Crypto Markets Down, Will Cryptojacking Popularity Fall Also?
The report says that cryptojacking is a trend, with the CTA expecting mining malware to continue to target systems that are vulnerable. The report does note, however, that cryptocurrency valuations remain a key variable in the prevalence of cryptojacking, stating:
“The threat of illicit cryptocurrency mining will continue to grow as long as cryptocurrency value remains high and an infrastructure exists for actors to anonymously and easily leverage mining to generate revenues.”
However, cryptocurrency markets have fallen dramatically since the start of the year. Monero, which the report says makes up 85 percent of all coins mined via cryptojacking, is down 68 percent since the start of the year. Declines like that reduce the profitability of cryptojacking and likely also the number of hackers attempting to engage in it.
Sean Gallagher at Arts Technica tweeted out a statistic which claimed that the payout for Coinhive Monero mining running on a PC for a week at near full capacity was around 30 cents USD:
The payout for a single 64-bit machine running a Coinhive miner for a week at near 100 percent CPU shows that cryptocurrency mining malware is a desperate game. pic.twitter.com/u3aGcueBPy
— Sean Gallagher (@thepacketrat) September 18, 2018
And Monero is one of the few coins which can be profitably mined using CPU power. Attempting to illegally mine bitcoin or another altcoins where ASICs are present would offer an even lower rate of return.
The report seems to back this trend up, with one chart showing cryptojacking malware detections growing throughout 2017 before exploding at the turn of 2018. However, the level appears to have dramatically fallen since early this year.
Cryptojacking remains a threat, as the CTA report and an August news story from security firm Sucuri showed. In that case, hackers used RawGit, a content delivery network (CDN) for GitHub files, as a mechanism to propagate the Crypto-Loot malware.
Yet, barring a resurgence of the crypto markets, it’s unclear whether the cryptojacking trend will continue as before. Other forms of malware, such as ransomware–which typically require victims to pay in cryptocurrency–seem equally likely to threaten users for the foreseeable future.
Have your say. Is cryptojacking’s growth on the decline? Do you see it re-emerging if crypto prices return to all-time highs?
Images via Pixabay, CTA