Cisco: "Cybercrime Swaps Ransomware For Cryptomining, Generating Millions"


Cisco's Talos Threat Intelligence team has a good observation.

Cybercriminals can just steal CPU/GPU cycles and directly generate any cryptocurrency without infecting the system with ransomware.

It's called cryptomining and is exploding on the scene. More stealthy than ransomware, this malware infects the workstation or server and significantly slows performance down, damaging productivity in a hidden way.

The mining software in itself is not "malicious", but if it is used to steal your organization's resources I vote for calling it malware anyway. Cryptominers have several infection vectors:

  • Phishing campaigns
  • Downloads of "warez" by the end user
  • Vulnerabilities used by Exploit Kits
  • Simply social engineering users to run the cryptominer

Bad guys are very creative in getting the miner software to run, including simply convincing users to run it. Cisco commented: "we found a large number of enterprise users running or attempting to run miners on their systems for potential personal gain."

In their executive summary Cisco stated:

"Over the past several months Talos has observed a marked increase in the volume of cryptocurrency mining software being maliciously delivered to victims.

The threat landscape is constantly changing; over the last few years malware threat vectors, methods and payloads have rapidly evolved.

Recently, as cryptocurrency values have exploded, mining related attacks have emerged as a primary interest for many attackers who are beginning to recognize that they can realize all of the financial upside of previous attacks, like ransomware, without needing to actually engage the victim and without the extraneous law enforcement attention that comes with ransomware attacks."

"In these cases the better the performance and computing power of the targeted system, the better for the attacker from a revenue generation perspective.

To put the financial gains in perspective, an average system would likely generate about $0.25 of Monero per day, meaning that an adversary who has enlisted 2,000 victims (not a hard feat), could generate $500 per day or $182,500 per year.

Talos has observed botnets consisting of millions of infected systems, which using our previous logic means that these systems could be leveraged to generate more than $100 million per year theoretically."

What To Do About It

I suggest you add a section to your security policy regarding the use of miners on enterprise systems and how it will be handled. And you need to decide if this code should be treated as malware, and removed/quarantined as such, and see if your endpoint security software can handle this type of code.

Oh, and training your users is also a really, really good idea. Full story at the Talos Blog.

Free Phishing Security Test

Did you know that 91% of successful data breaches started with a spear-phishing attack?

Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone with our free test. Did you know that KnowBe4 also supports "Vishing" where you can actually send your users simulated voice mail attacks?

Get Your Free PST Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews