Easy money: Cryptocurrency mining trojans are trending
It’s hard to miss the irony of the British government’s Information Comissioner’s Office (ICO) being targeted by an illegal cryptocurrency mining campaign. After indications that attackers had exploited the computers of visitors to the website in an illegal effort to mine cryptocurrency, the ICO website was taken offline. Monero mining campaigns like these have been accumulating lately. In this case, cybercriminals secretly integrated Coinhive into BrowseAloud, a screen reader module that makes Internet access easier for the visually impaired. Regardless of the method used to infect target devices, mining trojans are evidently currently favored among cybercriminals after the ransomware attacks of recent years.
It remains to be seen whether ransomware will overtake mining trojans again but at the moment a large number of cybercriminals seem to prefer the indirect method of stealing CPU cycles to generate cryptocurrency rather than holding users to ransom directly. Mining cryptocurrency requires large amounts of computing power and electricity which is simple to harvest from unsuspecting Internet users. Unfortunately the crypotocurrency Monero has become notorious in this emerging technology as its open source client could be hacked particularly easily. According to anti-virus software developer ESET, criminals were able to generate Monero worth more than 63,000 US dollars with several hundred infected servers in three months. Recently even a telecoms provider automatically redirected users to pages with mining trojans, although whether this was intentional or the result of a malicious attack is unclear.
For private users who run their own server, this does not initially have much of an affect, although fans will start more frequently and electricity use will also increase. However, unauthorized control over a device by unknown parties has far reaching consequences. Once an attacker establishes a way in, they could use this route for installing other malicious software in future. In the business world, the misappropriation of server resources by malicious software has a direct effect on response times for users. If no further resources can be added, which of course costs money, potential customers may cancel the order process out of annoyance which may negatively impact sales. The fact that other malware could also be dropped onto the server does not make things any better.
But apart from the slight shaking of heads over the increasingly imaginative business models of cybercriminals, the new trend is not worth reacting to. Cryptocurrency mining malware spreads in the usual ways and can be defeated by existing protection tools. The fact that this malware works in secret behind the scenes and does not directly hold the user to ransom makes discovery more difficult and requires proactive intervention. Protection software, timely patching, common sense and a reasonable backup concept can all help against cryptocurrency mining trojans. Businesses do not need to panic unnecessarily about this latest wave of mining trojan. Infections can be spotted relatively easily due to sharp increases in CPU load. Such an attack poses risks to the ‘holy trinity of information security’ – confidentiality, integrity and availability – and should be treated like any other malware. Business as usual then.
If we can expect any impact from crypotocurrency mining malware, it is more likely to come in the form of regulatory change as the cryptocurrency scene has been largely unregulated to date. Regulators who are already suspicious of the anonymity of cryptocurrencies and fear their misuse for money laundering will not stand still without intervening for long. Some countries would rather enforce strict guidelines today than tomorrow. Mining trojans are already fueling the skepticism of cryptocurrency critics. Consumers and business users should continue to implement all possible IT security measures, stay calm and maybe bet two bitcoin on the next cybercriminal business model.