PREDICTIVE INTELLIGENCE
Digging into the future of cryptomining botnets
The Blockchain sector is now bursting with innovation,
with developers looking for new, pragmatic ways to use
this secure distributed ledger technology across a range
of applications. As always, cybercriminals are among the
earliest adopters and are unfortunately helping to push forward
public awareness of the technology, Gadi Naveh, Threat Prevention
Evangelist at Check Point, warns.
Cryptomining
malware is now
by far the most
common event
we are seeing
attacking our user
base and this is
only the beginning. Since December
2017, the Coinhive cryptominer, which
performs online mining of the Monero
cryptocurrency, has been the most
common type of malware seen globally,
impacting nearly 20% of organisations
worldwide over the past four months.
What’s more, volumes of cryptomining
attacks are doubling and re-doubling
month by month.
www.intelligentciso.com | Issue 04
Mining money on every attack
An attacker is always aware of the
amount of revenue their malware can
make and will quickly adapt their
technique to deliver the best possible
ROI. Most attacks are linked together in
a funnel, in which each step needs to
pay the previous level for the ‘leads’ it
provides. The usual funnel will be:
Targets > delivery > infection > monetisation
Each step has a success ratio, such
as the percentage of spam emails that
bypass spam filters, or the percentage of
successful exploits (the infection rate) or
the rate of click-through on infected files.
The monetisation step has its success
rate as well. To earn from an infection,
the identity of the target needs to match
your attack profile. Think of phishing
sites or banking trojans: the infected
user needs to be doing online banking
with one of your supported banks, which
reduces the number of infected users
you can cash in on.
The first malware evolution to use
cryptocoins for the revenue stream was
ransomware. Ransomware doesn’t need
to adapt to a specific bank. Every target
is vulnerable to ransomware as every
machine and user has files of value
which the user will be incentivised to pay
a ransom in order to retrieve.
Unfortunately for the attacker, the
ransom pay-out rate is under 1% of
all infections. This was witnessed in
the WannaCry campaign and in our
analysis of the Cerber Ransomware-as-a-service campaign.
Cryptomining solves this problem of
low returns (and of course relatively