A recent report shows that cryptojacking is a prime example of cybercriminals’ shift to “low and slow” attack approaches.
Cybercriminals are reportedly favoring unhurried approaches in attacks made for financial gains, with cryptojacking as a prime example of this shift. IT news website ComputerWorld reported on this development on March 14.
Data released by cybersecurity company Darktrace reveals that cryptojacking attempts increased by 78 percent in 2018, and, according to ComputerWorld, the company also said that this trend continued in 2019.
The ComputerWorld article cites Max Heinemeyer, director of threat hunting at Darktrace, commenting on the findings. He reportedly said that since many ransomware victims may be unable to pay a ransom in Bitcoin (BTC) due to technical ineptitude, cryptojacking might be a better approach.
He added that “it [cryptojacking] is low and slow and guarantees a profit,” while ransomware does not. ComputerWorld also quotes Heinemeyer as stating that the barriers to entry for creating cryptojacking malware are low.
Heinemeyer also said that other methods, such as stealing credit card credentials, are cumbersome since criminals need to establish money laundering networks in order to avoid law enforcement. Lastly, he also noted:
“We've seen so many different variants of how these pieces of malware are spreading or being loaded.”
Per the report, he cited a company based in the United Kingdom that saw over 400 devices infected very quickly by cryptojacking malware after an initial infection via a phishing email. Also, according to Heinemeyer, in a creative cryptojacking move, one system admin installed a mining device underneath the floorboards of the data center at a major European bank where he worked.
The article also suggests that such attacks mine the Monero (XMR) blockchain, since unlike Bitcoin, it is more suitable for mining on non-specialized, even consumer-grade, hardware. However, Cointelegraph recently wrote that a Monero upgrade has made the coin more resistant to ASIC mining.
As Cointelegraph has reported, about 400 servers running the virtualization software Docker were found to be vulnerable to outside exploitation, and most of them were seemingly running Monero mining software.
Also, United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero coin mining code in February.