Cybercriminals have started using sophisticated infection methods and mechanisms borrowed from targeted attacks in order to install mining software on attacked PCs within organisations.
The most successful group observed by Kaspersky Lab earned at least $7-million by exploiting their victims in just six months during 2018.
Although the cryptocurrency market is experiencing plenty of ups and downs, last year’s surge in the value of bitcoin has significantly changed not only the global economy, but the world of cybersecurity as well. With the aim of earning cryptocurrency, criminals have started to use mining software in their attacks, which, like ransomware, has a simple monetisation model.
But, unlike ransomware, it doesn’t destructively harm users and is able to stay undetected for a long time by silently using the PC’s power.
Back in September 2018, Kaspersky Lab recorded a rise of miners that started actively spreading across the world, and predicted its further development. The latest research reveals that this growth has not only continued, but has also increased and extended.
Kaspersky Lab researchers recently identified a cybercriminal group with APT techniques in their arsenal of tools to infect users with miners. They have been using the process-hollowing method that is usually used in malware and has been seen in some targeted attacks of APT actors, but has never been observed in mining attacks before.
The attack works in the following way: the victim is lured into downloading and installing advertising software with the miner installer hidden inside. This installer drops a legitimate Windows utility, whose main purpose is to download the miner itself from a remote server.
After its execution, a legitimate system process starts, and the legitimate code of this process is replaced with malicious code. As a result, the miner operates under the guise of a legitimate task, so a user is unlikely to recognise that there is a mining infection. It is also challenging for security solutions to detect this threat. In addition, miners mark this new process in a way that restricts any task cancellation.
If the user attempts to stop the process, the computer system will reboot. As a result, criminals protect their presence in the system for a longer and more productive time.
Based on Kaspersky Lab’s observations, the actors behind these attacks have been mining Electroneum coins and earned almost $7-million during the second half of 2018, which is comparable to the sums that ransomware creators used to earn.
“We see that ransomware is fading into the background, instead giving way to miners,” says Anton Ivanov, lead malware analyst at Kaspersky Lab. “This is confirmed by our statistics, which demonstrate a sustained growth of miners through the year, as well as by the fact that cybercriminal groups are actively developing their methods and have already begun to use more sophisticated techniques to spread mining software.
“We have already seen such an evolution – ransomware hackers were using the same tricks when they were on the rise.”
Overall, 2,7-million users were attacked by malicious miners in 2018, according to Kaspersky Lab data. That is approximately 50% higher than in 2016 (1,87-million).
They have been falling victim as a result of adware, cracked games and pirated software used by cybercriminals to secretly infect their PCs. Another approach used was web mining through a special code located in an infected web page. The most widely used web miner was CoinHive, discovered on many popular websites.