Increased security measures and awareness are driving
cybercriminals to change their techniques in search of a better return on
investment, ditching ransomware and malware-based attacks for cryptojacking,
according to a new study by IBM.
Malicious coin-mining or cryptojacking is the act of
installing a cryptocurrency miner on the victim’s endpoint without their
knowing it, thus enslaving their device to slowly gather coins for the
attacker. This operation taxes the device’s CPU/GPU, is costly in terms of
electric power, and can cause damage to devices as they overheat.
According to the annual 2019 IBM X-Force Threat Intelligence
Index, the number of cryptojacking attacks was nearly double that of ransomware
attacks in 2018. With the price of cryptocurrencies like Bitcoin hitting a high
of nearly US$20,000 going into 2018, lower-risk/lower-effort attacks secretly
using a victim’s computing power were seen as more profitable.
Cryptojacking has been on the rise in the past two years, and
IBM expects to see it continue to affect companies in 2019 as well.
“If we look at the drop in the use of malware, the shift
away from ransomware, and the rise of targeted campaigns, all these trends tell
us that return-on-investment is a real motivating factor for cybercriminals,”
said Wendi Whitmore, director of IBM X-Force Threat Intelligence.
“We see that efforts to disrupt adversaries and make systems
harder to infiltrate are working. While 11.7 billion records were leaked or
stolen over the last three years, abusing Personally Identifiable Information
(PII) requires more knowledge and resources and attackers are exploring new
illicit profit models to increase their return on investment.
“One of the hottest commodities is computing power tied to
the emergence of cryptocurrencies. This has led to corporate networks and
consumer devices being secretly hijacked to mine for these digital
The Threat Intelligence Index found that cybercriminals are developing
various new tools and tactics to infect the hardware of both corporate servers
and individual users by spreading cryptojacking malware to do the work for
them. Additionally, attackers are increasing the sophistication of obfuscation
capabilities for coin-mining malware, giving them the ability to infect more
devices and web resources to collect coins over time.
With the growing proliferation of cryptocurrencies and
digital tokens in many countries, and especially in developing economies, threat
actors in Eastern Europe and North Korea in particular have taken notice of the
profitability of coin-mining malware.
Facing continued international sanctions over its nuclear
program, North Korea continued to focus on cryptocurrency mining in 2018 as
part of its revenue generation tactics. Early in 2018, a North Korean
seen mining the privacy-conscious cryptocurrency, Monero.
While North Korea may continue its foray into cryptomining, most of its activities involve the direct compromise of cryptocurrency exchange platforms.
According to an October
2018 report from Group-IB, a North Korean hacking group nicknamed the Lazarus
Group managed to hack
five cryptocurrency exchanges in 2017 and 2018, stealing roughly US$571
million worth of cryptocurrencies. In 2016, the group funneled
US$81 million from the central bank of Bangladesh.