Cryptomining infections outnumbered ransomware by ten times in 2018
7 February 2019
Cryptomining operations infected the IT networks of ten times as many organisations as ransomware did in 2018, but only 16 percent of IT security professionals consider cryptomining the biggest threat to their organisations, a new study has revealed.
In July last year, security firm Check Point revealed that the percentage of organisations impacted by cryptomining rose from around 20 percent in the previous year to 42 percent worldwide in the first three months of 2018.
Security researchers at Check Point noted that those behind cryptocurrency mining operations were clearly motivated to increase the share of computational resources they could leverage and, as a result, are now targeting SQL databases, industrial systems, nuclear plants, and even cloud infrastructure.
They added that cryptomining software has also evolved considerably of late, exploiting high-profile vulnerabilities and evading sandboxes and security products in order to expand its infection rates.
Statistics released by Check Point revealed that of all organisations worldwide that were affected by cryptomining software last year, 30% were infected by Coinhive, 17 percent by JSECoin, 7 percent by XMRig, 6 percent by AuthedMine and 3 percent by RubyMiner.
Cryptomining operations infected 37% of organisations worldwide
In a new report that covers the tools and services used to commit cyber-crime in 2018, Check Point has revealed that cryptomining operations infected ten times as many organisations as ransomware did and that 37% of organisations globally were hit by cryptomining operations over the entire calendar year.
They warned that cryptomining operations are as potent as they were last year, infecting 20 percent of organisations worldwide every week despite an 80% fall in cryptocurrency values.
Despite the rise in the number of cryptomining operations worldwide, IT security experts continue to underestimate the threat posed by such activities. According to Check Point, only 16 percent of IT security professionals consider cryptomining the biggest threat to their organisations, compared to 54 percent who consider ransomware the biggest threat.
In the same survey, 66 percent of IT security professionals highlighted phishing attacks as the biggest threat to their organisation, 53 percent named data breaches, and 34 percent named DDoS attacks as the biggest threats they are facing at present.
This is despite the fact that, according to a report from Webroot, phishing attacks form less than 1 percent of all web-based threats, with malware (52 percent), cryptojacking (35 percent), and botnets (12 percent) forming a massive majority of web-based threats. In fact, cryptomining replaced ransomware as the number one web-based threat in the first half of 2018.
Cryptomining a highly-profitable and risk-free activity
“Very profitable yet with a minimal criminal footprint, cryptomining works on any device—not just computers and phones, but even IoT devices like routers and TVs. Some website owners voluntarily participate in cryptomining, seeing it as an easy way to generate revenue to pay their server costs without bombarding site visitors with annoying banner and sidebar ads.
“However, others carry out cryptomining without letting the visitor know. In either case, it may be largely invisible to the end user, who likely won’t notice a small spike in their electric bill. But for an organization, power bills can skyrocket, especially when criminals employ scaling, i.e., keeping the drain on the CPU minimal when a keyboard or mouse is being used but scaling up to 100% at other times,” Webroot said.
According to Barry Shteiman, VP of Research and Innovation at Exabeam, cryptocurrency mining operations present a hidden threat to businesses as they drain vast amounts of energy and use hundreds of thousands of computers and servers to mine currencies.
“The best thing to do is look for anomalies in your electricity bill. You should also measure changes in your HVAC usage for heat dissipation, although this will be more difficult. Beyond that, look for sudden changes in capacity or usage, as well as significant deviations in pattern and velocity.
“The best approach to detecting irregular network behaviour is using an emerging technology called entity analytics. This automates detection by baselining normal machine behaviour and highlighting the anomalies. Deviation from these benchmarks may be an indicator of capacity abuse, and will be the best marker of malicious cryptomining activity on your network,” he said.
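The following is an added illustration, not code from Check Point, Webroot or Exabeam: a minimal per-host baseline that compares recent idle-time CPU usage (no keyboard or mouse input) against that host's own history, which is where the "scaling" behaviour Webroot describes would show up. The host names, telemetry samples and the threshold of 6 are constructed assumptions.

```python
from statistics import median

# Constructed telemetry: host -> list of (user_input_active, cpu_percent) samples.
HISTORY = {
    "ws-01": [(True, 22), (False, 4), (True, 18), (False, 6),
              (False, 5), (True, 25), (False, 3), (False, 7)],
    "build-02": [(False, 78), (False, 85), (False, 70),
                 (False, 90), (False, 82), (True, 88)],
}
RECENT = {
    "ws-01": [(True, 12), (False, 98), (False, 100), (True, 9), (False, 99)],
    "build-02": [(False, 84), (False, 76), (False, 88)],
}

def idle_cpu(samples):
    """CPU readings taken while no keyboard/mouse input was observed."""
    return [cpu for input_active, cpu in samples if not input_active]

def baseline(values):
    """Robust baseline: median and median absolute deviation (MAD)."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, max(mad, 1.0)  # floor so a flat history cannot divide by ~0

def score_host(history, recent, threshold=6.0):
    """Score recent idle-time CPU against the host's own idle-time history."""
    past_idle, recent_idle = idle_cpu(history), idle_cpu(recent)
    if not past_idle or not recent_idle:
        # Nothing to compare: report no deviation rather than guessing.
        return {"deviation": 0.0, "anomalous": False}
    med, mad = baseline(past_idle)
    # 1.4826 * MAD approximates one standard deviation for normal data.
    deviation = (median(recent_idle) - med) / (1.4826 * mad)
    return {"deviation": round(deviation, 1), "anomalous": deviation > threshold}

def flag_hosts(history, recent):
    """Hosts whose idle-time CPU has moved far above their own baseline."""
    return sorted(h for h in recent
                  if score_host(history.get(h, []), recent[h])["anomalous"])

if __name__ == "__main__":
    for host in RECENT:
        print(host, score_host(HISTORY[host], RECENT[host]))
    # A fixed "CPU > 80%" rule would also alert on build-02, which is
    # normally busy; the per-host baseline flags only ws-01.
    print("flagged:", flag_hosts(HISTORY, RECENT))
```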