2017 gave us the year of ransomware and all the fears that came along with it. We saw the devastation that it can cause with WannaCry and NotPetya crippling systems around the world. 2018 has brought us cryptojacking.
What is cryptojacking? It’s the process of installing code on a device that mines cryptocurrency while you are using it. This code, or crypto virus, runs in the background using part of your CPU for nefarious purposes.
One of the most popular programs that uses this technique is Coinhive. This program was designed to work with anonymous cryptocurrencies such as Monero. According to publicwww.com, a service that indexes the source code of Web sites, there were over 32,000 instances of this code installed on browsers. The attackers that perpetrated this attack has reportedly mined over $3.2 Million dollars’ worth of cryptocurrency!
Bad actors are flocking to these kinds of attacks. The inherent secrecy of this type of mining has all the benefits that hackers want and gives them a much larger upside over other types of attacks like ransomware. Hackers are creating massive botnets that operate these kinds of programs and can be a drain on resources without a business noticing. Cryptocurrencies like Monero give hackers the anonymity they need to create these kinds of botnets while still lying low. These types of cryptocurrency don’t trace transactions like Bitcoin or other reputable coins so it gives the bad actors just what they want – anonymity.
Why the switch from ransomware to cryptojacking? Simply put, more bang for your buck. Ransomware saw a hard fight when it entered the market and people were defending themselves. The average ransom amount in 2017 was $544 which isn’t a big payout for the risk taken. For the amount of difficulty and risk that the hackers take on – the payout wasn’t making the cut. On the flip side, cryptojacking allows you to continually use the machine to mine without being detected. The only way you can be detected is if your web admin looks into the Web code or you actually notice the browser’s consumption amount.
Another main reason for the switch is that they’re not going after your money. Understandably, there were hundreds of news articles about ransomware because it was bricking essential systems and demanding YOU pay. Cryptojacking is much sneakier because it isn’t coming after our money – it’s going after the currency. The timeless saying “out of sight, out of mind” should be ringing in your head right now. If everything seems to be running fine and the employee isn’t affected then what’s there to worry about?
As technology advances – bad actors are right alongside trying to make a buck. It’s imperative that we are aware of current threats and can beat them to the punch.