Hackers are moving from ransomware to cryptomining, according to Cisco’s Talos division, which reported the shift on Tuesday. Hackers have recently found success with ransomware, with reports of numerous companies and individuals ponying up to unlock their computers. Now, however, they are finding easier ways to score cash. Ransomware still requires victims to take action by sending payment to unlock their systems. Many victims may not even be familiar with how to purchase bitcoins or prepaid credit cards to make the payment. Others may have satisfactory backups or deem the locked data not important enough to pay for its release.
An easier way for hackers is to surreptitiously hijack CPU power, often without the victim noticing, and harness it to mine cryptocurrencies like Monero. By some reports, a typical computer can mine $0.28 of Monero a day. That is a small amount, but one that quickly adds up when a botnet of thousands of zombie computers is pressed into service. In one real-world example reported by Forbes, a hacker made $184,000 a year. It's also been reported that the Smominru botnet earned hackers $3.6 million mining Monero at a rate of $8,500 a week.
Given the proliferation of unsecured IoT devices and the reports of malvertising that mines cryptocurrency even across major ad providers such as Google’s DoubleClick, it’s easy to see why hackers view this as an opportunity for easy money.
While this trend is sure to continue as long as it remains profitable for hackers, standard security hygiene practices remain the best defense. Many endpoint protection solutions are beginning to block browser-based cryptominers, and many vendors continue to release updates for IoT devices that remove the security vulnerabilities hackers use to hijack them. It’s important to follow best practices, including 24x7 security monitoring to identify unusual activity on your network and an effective vulnerability and patch management process to keep systems up to date.
If you need help gaining 24x7 security coverage with limited resources, find out how Cygilant’s SOCVue security as a service can help.