Threat Management, Threat Management, Malware

Report: Cryptomining malware detections up more than 459 percent since 2017

Detections of cryptomining malware has increased by 459 percent since last year, according to a new report released today by the Cyber Threat Alliance (CTA), citing statistics collected from several of its member companies.

Titled "The Illicit Cryptocurrency Cyber Threat," the report warns that this dramatic year-over-year rise is no fluke, noting that illegal mining activity will likely continue to proliferate in the coming years as long as cryptocurrencies still hold value among criminals and targeted machines and devices remain vulnerable to attack.

On the other hand, if cryptocurrency value sinks, as has been the recent trend with with Bitcoin, then bad actors could abandon mining campaigns and instead leverage their access to compromised systems to perform ransomware attacks or perhaps steal data, the report continues.

The CTA also has predicted that attackers could begin to attack "non-currency-related blockchain technologies" in development that companies may use to "track transactions, share information, maintain records or uphold smart contracts.

For instance, smaller blockchain networks may be susceptible to so-called "51 percent attacks," by which attackers control take over a majority of the blockchain's hashing power, allowing them to prevent transactions or even alter records.

"A successful attack of this kind on a blockchain could have devastating consequences, depending on what the enterprise blockchain is being
used for," states CTA.

Finally, the report anticipates that rogue nation-states will begin to play a more active role in cryptomining attacks as a means of raising funds, skirting sanctions, and supporting other offensive cyber campaigns. Noting that North Korean cyber actors are already suspected of launching ransomwares attack, conducting cyber bank heists, and stealing from cryptocurrency wallets, CTA concludes in its report that there's "little reason to believe that they would not conduct illicit cryptocurrency mining as another way to raise funds." Additionally, "We expect that other nation states, such as Iran or Russia, may leverage illicit cryptocurrency mining for the same reasons."

CTA's research cited a slew of recent reports from its member organizations to support its premise. For instance, Fortinet noted last June that the number of its customer companies impacted by miners jumped from 13 percent in Q4 2017 to 28 percent in Q1 2018. Meanwhile, a June McAfee report reported more than 2.9 million samples of coin mining malware in Q1 2018 -- a 629 percent rise from the nearly 400,000 samples detected the previous quarter.

Charles McFarland, senior research scientist at McAfee, said in his own company's blog post that the research report “represents the first joint industry initiative to educate enterprises and consumers about the growing threat of cryptocurrency mining. By improving security postures and adhering to proper security practices, we can increase the difficulty of these attacks succeeding, thus disrupting malicious behavior."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.