Cryptojacking cases rise to ransomware levels

With cryptocurrency the new technological buzzword, Kaspersky says the number of nefarious mining infections is increasing, and the software is becoming more advanced.

As we’ve covered previously, the recent rise in interest in cryptocurrency has also led to a rise in cases of cyber-criminals using invasive software to mine coins on infected PCs without their owner’s knowledge.

According to a recent blog post by Russian cybersecurity firm Kaspersky, so-called ‘cryptojacking’ is now replacing ransomware – where a malicious piece of software encrypts files on a computer, then asks for a ransom to get them back – as the money-making method du jour of hacking groups. The blog outlines how criminal hackers have gradually moved across from what has been the big-news tactic over the last couple of years, to infecting computers with software that can use a computer’s resources to mine.

There are a couple of distinct advantages to the latter, chief among them being that it is a much more subtle form of attack. The reality is that many people will be none the wiser about what is going on.

That’s because, in general, the demands we make of our computers fall well within their capabilities. Thus, a piece of software working away in the background using up spare CPU resource may not affect day-to-day use, beyond – perhaps – a little bit of extra cooling fan activity.

The switchover from ransomware to cryptojacking during 2017, Kaspersky estimates, has led to a 50% increase in the latter kind of attacks – up from 1.87m in 2016 to 2.7m. These attacks, we’re told, fall into a small set of distinct types.

Attacks on individuals usually come from so-called PUPs (potentially unwanted programs), which are often bundled in with free software downloads. These have traditionally been things like toolbars, software that serves unwanted ads, or simple changes to browser settings like homepage or search engine preference. Social engineering tactics have also been used to encourage people to download such unwanted software via services such as Twitter, Facebook and LinkedIn.

Another popular method is to use a script executed in a browser upon visiting a website. Kaspersky says it stopped around 70m such instances in 2017. Though some of these may be legitimate (for example, a site I visited recently offered the option to disable adblocking or allow it to mine using my system while I was reading), the majority are probably unsolicited. A prime example of this was the recent cases of YouTube ads which appropriated user resources without permission.

The other main approach is to infiltrate the systems of larger companies and syphon off computer resources from their servers and internal networks of computers. Kaspersky relates one case where software was equipped with a script to check if it had infected the computer of anyone senior or an information security officer, and then – providing it hadn’t – only begin mining outside of office hours.
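For defenders, the office-hours behaviour in that case leaves a recognisable shape in host telemetry: CPU that is pinned at night and at weekends but idle during the working day. The following is an added example, not code from Kaspersky or from this article; the host names, thresholds and the 09:00 to 18:00 working day are assumptions, and the samples are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed telemetry: (host, ISO timestamp, CPU utilisation %). Not real data.
SAMPLES = [
    ("srv-build", "2018-03-05T10:00", 12), ("srv-build", "2018-03-05T14:00", 18),
    ("srv-build", "2018-03-05T23:00", 96), ("srv-build", "2018-03-06T02:00", 97),
    ("srv-build", "2018-03-06T04:00", 95), ("srv-build", "2018-03-10T13:00", 94),
    ("srv-backup", "2018-03-05T11:00", 9), ("srv-backup", "2018-03-05T23:00", 85),
    ("srv-backup", "2018-03-06T02:00", 6), ("srv-backup", "2018-03-06T04:00", 7),
    ("ws-design", "2018-03-05T10:00", 88), ("ws-design", "2018-03-05T15:00", 91),
    ("ws-design", "2018-03-05T22:00", 4), ("ws-design", "2018-03-06T03:00", 3),
]

def is_office_hours(ts, start=9, end=18):
    """Weekdays from start to end (local time); weekends count as off-hours."""
    return ts.weekday() < 5 and start <= ts.hour < end

def off_hours_suspects(samples, busy=80, quiet=30, min_fraction=0.75, min_samples=3):
    """Return hosts busy in most off-hours samples yet quiet during office hours."""
    off, office = defaultdict(list), defaultdict(list)
    for host, stamp, cpu in samples:
        ts = datetime.fromisoformat(stamp)
        (office if is_office_hours(ts) else off)[host].append(cpu)
    suspects = {}
    for host, readings in off.items():
        if len(readings) < min_samples or not office[host]:
            continue  # too little data to compare the two periods
        busy_fraction = sum(c >= busy for c in readings) / len(readings)
        office_mean = sum(office[host]) / len(office[host])
        if busy_fraction >= min_fraction and office_mean <= quiet:
            suspects[host] = {"off_hours_busy": round(busy_fraction, 2),
                              "office_mean_cpu": round(office_mean, 1)}
    return suspects

if __name__ == "__main__":
    for host, stats in off_hours_suspects(SAMPLES).items():
        print(host, stats)
```

Scheduled jobs such as nightly backups or builds produce the same shape, so a flagged host is a lead to check against known schedules and running processes, not a verdict.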

By way of conclusion, Kaspersky expects that precisely the factors that are attracting cryptojackers right now, not least what it describes as a “clear monetisation model” (infect > mine > exchange crypto for cash), will mean continued development of mining tools and the methods of infection. Top of its prediction list is attacks on blockchain technology that uses Proof of Space (PoSpace) rather than Proof of Work (PoW) as the basis of its mining.

In short, keep an eye on your system, and regularly scan with a decent security application if you don’t want to be sucked into earning someone else money with your electricity.