For years, ransomware has been the bane of the enterprise, with cyber criminals literally holding data hostage unless a ransom is paid.
Some verticals in the enterprise can breathe a sigh of relief, however, because now there is less ransomware in play, but individuals and small businesses are the newest target as cryptomining becomes the hottest trend in cyber attacks.
Craig Williams, director of outreach for Cisco Talos, addressed the trend at Cisco Live 2018, noting that «people are backing off from ransomware. It’s a super high risk. A lot of people aren’t paying.»
SEE: Information security incident reporting policy (Tech Pro Research)
Cryptomining is rising up to take the place of ransomware, and if cyber crime could be considered trendy, crypto mining is Cardi B, Drake and Taylor Swift rolled into one.
«Cryptomining is not considered as heinous [as ransomware] by the FBI. They don’t pursue it as aggressively. And let’s be honest, it’s significantly less damaging,» Williams said. «And as long as the cryptocurrency markets remain high, cryptocurrencies like Monero are very, very attractive targets for malicious software office. You can make about 25 cents a day off of infecting a home machine with a Monero miner. You multiply that times tens of thousands or hundreds of thousands of machines, and figure you’re going to have it compromised for the majority of a year. Maybe two years if you’re lucky.»
The allure of cryptomining, Williams said, is that it is profitable and the payout can’t be traced. Also, the attackers know what behaviors can help decrease their risk.
Cryptomining was discovered as a risk in late 2017, according to a Cisco blog. That’s when threat researchers discovered spam campaigns delivering crypto payloads using email attachments. According to the blog, «In some cases, a Word document downloads the crypto payload via a malicious macro. Attackers also continue hiding malware in email attachments. It’s safe to assume that the trend of using attachments in attacks isn’t going away.
However, for some industries, ransomware will remain a problem.
As WIlliams pointed out: «Unfortunately, if you are government or medical, you’re still going to get hit with ransomware because you keep paying. So until medical and government stops paying the ransom, they’re going to continue to be targeted. They’ve got to basically increase their defenses, become a non-attractive target and then hopefully the bad guys will eventually lose interest. But as long as people keep paying, it’s going to keep happening.»
Eventually cryptomining will become less attractive as more criminals opt for it and the payout is reduced. «But I think in the short term, people are going to keep doing it. Especially as people just keep inventing new currencies that seem to be taking off,» Williams said.
«Monero’s relatively new, it will be around for years to come and if there happens to be a new one that also focuses on security and privacy and making transactions opaque, it will catch on as well, potentially. And if it does, that will be another few years of mining cryptocurrency,» Williams said.