The latest McAfee Labs Threats Report for September 2018 reports that the surge in cryptomining malware growth that began in Q4 2017 has continued in the first half of 2018. McAfee also saw continued adaptation of the type of vulnerability exploits used by the malware in the WannaCry and NotPetya outbreaks of 2017.
Although less common than ransomware, cryptomining malware has quickly emerged as a factor on the threat landscape. After growing by around 400,000 in the fourth quarter of 2017, new cryptomining malware samples grew by a stunning 629% to more than 2.9 million samples in Q1 2018. This trend continued in Q2 as total samples grew by 86% with more than 2.5 million new samples. McAfee Labs has even identified what appears to be older malware, such as ransomware, newly retooled with mining capabilities.
Ed Baker, EMEA partner lead at McAfee, says: “Partners must be on-hand to advise customers when building their security strategies and provide guidance when making security investments going forwards. To stay ahead of cyber criminals, all parties in the cybersecurity industry need to focus on collaboration. This means making sure that tools can operate together, removing siloed security teams and making it easier for companies to protect data, detect potential threats, and work to effectively correct them.”
“Together the cybersecurity industry must consider the operational procedures, capabilities and resources in place and apply the right technology solutions, working practices, policies and services to be as effective as possible against diversified cybercriminals. This means building a proactive, platform-based and partner-powered integrated cybersecurity system that will allow customers to move from reactive incident response to proactively hunting threats. In this way, organisations can ensure that if a breach does occur, it can be resolved quickly with minimum disruption to the business.”
In some cases, cryptomining targets specific groups rather than a broad field of potential victims. One cryptomining malware strain has targeted gamers on a Russian forum by posing as a “mod” claiming to enhance popular games. Gamers were tricked into downloading the malicious software, which proceeded to use their computer resources for profit.
While cryptomining malware primarily targets PCs, other devices have become victims. For instance, Android phones in China and Korea have been exploited by the ADB.Miner malware to produce Monero cryptocurrency for its perpetrators.
“A few years ago, we wouldn’t think of internet routers, video-recording devices, and other Internet of Things devices as platforms for cryptomining because their CPU speeds were too insufficient to support such productivity,” said Christiaan Beek, Lead Scientist and Senior Principal Engineer with McAfee Advanced Threat Research. “Today, the tremendous volume of such devices online and their propensity for weak passwords present a very attractive platform for this activity. If I were a cybercriminal who owns a botnet of 100,000 such IoT devices, it would cost me next to nothing financially to produce enough cryptocurrency to create a new, profitable revenue stream.”