
The Return of the Cryptomining Malware

by CISOCONNECT Bureau

According to a recent report by Avira, the use of cryptomining malware increased by 53% quarter-on-quarter in the final three months of 2020. The reason behind this increase could be the soaring value of Bitcoin.

Cryptomining Attacks
Cryptomining-related attacks don’t require user interaction and perpetrators don’t have to wait for their victims to make any payment. According to Avira, there are three types of coin-miners active today: executable files, browser-based cryptocurrency miners, and advanced fileless miners.

Rather than Bitcoin, it is the lesser-known Monero currency that is in higher demand. The mining requirements for Monero are far lower than those for Bitcoin. In addition, Monero has no tracking of transactions and provides more anonymity, making it a favorite among cybercriminals.

Past Trends
The evolution of browser-based Coinhive drove spikes in illegal cryptocurrency-mining activity in 2018. According to a study, by February 2018 such attacks had impacted around 23% of global organizations.
Coinhive-based activities were shut down in February 2019; however, such attacks are rising again alongside the value of the digital currency.

Recent Cryptomining Attacks
Malware authors are taking advantage of the cryptocurrency price hike and aggressively spreading cryptominers to exploit other people’s systems and resources for their illegal mining activities.

In recent months, several cryptocurrency exchanges and brokers, including Livecoin, Voyager, and Exmo crypto, have been hacked. A new malware named ElectroRAT was observed targeting cryptocurrency users.
Threat actors hacked verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam. A cryptocurrency mining campaign, named OSAMiner, was discovered targeting macOS users.

Conclusion
A surge in cryptocurrency prices is going to attract more cybercriminals towards illegal cryptomining activities. Therefore, experts suggest preventing outbound calls to cryptomining pools, disabling JavaScript in browsers, updating host-based detection signatures, and using intrusion detection and prevention systems to protect against such attacks.
