According to a recent report by endpoint security solution provider Kaspersky Lab, 2018 witnessed over 5 million cryptojacking attacks. The share of miners detected out of the overall number of threats detected by Kaspersky grew to 8%.
In a statement to Solutions Review, Rich Campagna, CMO of Bitglass, said: “In 2018, cloud cryptojacking took the world by storm, much to the dismay of businesses and security experts. Expect to see a lot more of this in 2019 and beyond.”
Is Campagna correct? What is the future of cryptojacking attacks for enterprises and users alike?
We decided to peer into our own crystal ball of research to predict the future of cryptojacking attacks. Our findings point in many different directions:
What Are Cryptojacking Attacks?
Cryptojacking attacks use malware to surreptitiously “mine” cryptocurrencies like Bitcoin or Monero on victims’ endpoints. Mining essentially untangles the data of the complex and numerous transactions inherent in cryptocurrency, for which the hackers are paid in the cryptocurrency.
Mining is digitally labor-intensive; it drains processing power and electrical energy, so much so that it can cause system and network shutdowns. In fact, cryptocurrency mining demands so much energy that attacks can cost enterprises an additional $2,196 in electrical bills a year. Additionally, the increased energy demands can cause overheating and actual physical damage to enterprises’ electrical infrastructure.
Cryptojacking attacks, unlike ransomware, guarantee a payout of some kind. Cryptojacking exploits the inadequate threat detection and the increased dwell time on victim enterprises’ endpoints, allowing hackers to exploit enterprises for longer. Ransomware tends to be loud and flashy. Cryptojacking works in the background. Its popularity thus possesses obvious roots.
Cryptojacking: Popular and Powerful
While ransomware experienced a rise in samples and usage in 2018, cryptojacking attacks dwarfed the once-dominant malware. The McAfee Labs Threat Report reported an increase of 85% in Q2 of 2018. At the same time, McAfee's malware database added 2.5 million new cryptocurrency mining files.
The even more recent Morphisec Labs Threat Report for December 2018 found cryptojacking attacks constitute 30% of all attacks.
Evgeny Lopatin, Security Expert at Kaspersky Lab, said in a press release announcing their own report: “Our analysis of the economic background of malicious crypto-mining and the reasons for its widespread presence in certain regions revealed a clear correlation.”
“The easier it is to distribute unlicensed software, the more incidents of malicious crypto-miner activities were detected. In short, an activity not generally perceived as especially dangerous, the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious crypto-mining.”
These statements all contribute to a portrait of a distressingly secure future of cryptojacking attacks. Yet the future of cryptojacking attacks may hinge on factors that may yet change the way hackers use this dangerous malware variant.
The Future of Cryptojacking Attacks Is the Future of the Currency
Whether or not you consider cryptocurrencies legitimate currencies (there are arguments on both sides), almost everyone agrees the value of cryptocurrencies can and does fluctuate wildly. Over the course of 2018, cryptocurrencies around the world, including Bitcoin and Monero, lost significant value. Even the most prominent cryptocurrency bulls like John McAfee began reconsidering their optimism.
A recent report by Kelly Sheridan of Dark Reading found the value of cryptocurrencies dropped 75% to 85% over the course of 2018. Obviously, this affected the payout of cryptojacking attacks and forced hackers to reconsider their tactics. Now they utilize modular malware, which evaluates the endpoint it has infiltrated and determines the operative next move. That may be cryptomining, or it may entail a lateral move or a data-stealing attack.
According to this report, the future of cryptojacking attacks may be one of fewer attacks overall…but those affected will suffer far more.
Will Dwell Time Change the Future of Cryptojacking Attacks?
A recent statement from Stephen Cox, Vice President and Chief Security Architect at SecureAuth, summarized how time can often end up on hackers’ side: “It takes roughly 100 days from the time a breach occurs to evidence of the attack being detected. That is over three months of an attacker or attackers with a foothold.”
“The good news is over the past five years, the number of days to detect a breach has decreased. The bad news is that 100 days is still too long.”
Dwell time inherently benefits cryptomining; the longer hackers can operate on a network uncontested, the more money they can make. If enterprises wish to shorten the future of cryptojacking attacks, they will need to improve their threat detection to reduce dwell time as much as possible.
The future of cryptojacking attacks will interplay with the future of endpoint security for some time. Enterprises need to incorporate next-generation endpoint security with strong EDR capabilities to stay secure from malicious actors looking for an easy mark.