At the time of analysis, GTIC researchers found around 12,000 Monero mining malware samples, with the earliest dating back to March 2015. They also discovered that 66 per cent of the samples were submitted from November to December 2017, indicating a dramatic increase in the use of coin mining malware.
Terrance DeJesus, Threat Research Analyst at NTT Security, said: “The acceptance and adoption of digital currencies mean that investing in cryptocurrency has become a new way to make money. However, generating a profit from mining the currency has become more time consuming and costly. Cyber criminals have therefore taken to developing malware in an attempt to overcome the barriers to entry and generate profits for themselves.
“Monero mining malware is installed on the victim’s computer or smartphone without their knowledge and, once installed, it uses the victim’s computing resources and electricity supply to mine cryptocurrencies. The rewards go directly to the hacker, not the owner of the computer. Device owners might not suspect a thing.”
Based on its visibility into 40 per cent of global internet traffic and data from a wide range of threat intelligence sources, NTT Security has revealed that cyber criminals are using phishing emails as the primary tactics to gain a foothold on a targeted system, which attackers can then leverage to mine XMR with the victim’s resources.
While phishing is the most prominent, the discovery of coin miners in a network environment suggests that more malicious activity could exist in that environment, such as backdoors and unpatched vulnerabilities. The company also found that legitimate coin mining services, such as Coinhive could be abused and injected into mobile games and websites.
Investing in cryptocurrency is not a new phenomenon - late 2017 and early 2018 saw a significant spike in the numbers of cryptocurrency investments across the globe. Unsurprisingly, threat actors are using their skills to cash in on the cryptocurrency mining craze and, while crytocurrency values have fluctuated wildly in value since the completion of the report, threat actors continue developing cryptocurrency mining malware to generate revenues to fund their operations.
Terrance added: “Organisations mustn’t ignore the threat of mining malware. The impact of an attack can go well beyond performance issues. Mining costs organisations money, impacts the environment and causes reputational damage. It could also be indicative of more problems in the network.
“The use of coin miners will, without a doubt, grow and become more advanced in time, possibly being built into other malware types such as banking Trojans, as well as ransomware. There are serious business implications to ignoring this current threat. We are encouraging all companies to be more vigilant of cybersecurity threats to their business. There are often simple and effective ways to mitigate risks, but too often the most obvious things are overlooked.”
NTT Security has advised that organisations take the following steps to mitigate the risk of cryptocurrency mining malware penetrating their environment:
1. Conduct regular risk assessments to identify vulnerabilities in the organisation.
2. Adopt a defence-in-depth approach to cybersecurity — i.e. have multiple layers of security in place to reduce exposure to threats.
3. Regularly update systems and devices with the latest patches, and deploy intrusion, detection and prevention systems to stop attacks.
4. Educate employees on how to handle phishing attacks, suspicious email links, and unsolicited emails and file attachments.
5. Proactively monitor network traffic to identify malware infection, and pay close attention to the security of mobile devices.
