The initial purpose is legitimate, but they can also be used by attackers who run them on compromised websites. Some of this rise in browser-based cryptojacking comes from unintended sources, such as vendors who sell cryptojacking scripts as an alternative to running advertisements on websites.
X-Force research saw an explosion of cryptojacking activity in 2018, with cryptojacking attacks far exceeding all other forms of coin theft attacks. Alternatively, the script can be inserted into an online advertisement, whether malicious or wholly illegitimate, and used with a legitimate ad service so that the script runs every time the browser is open. 2018: The Rise of Cryptomining in the Browserīrowser-based cryptojacking involves a threat actor infecting a web server or website and then injecting a cryptomining script into an otherwise legitimate website. In instances observed by X-Force IRIS, attackers have attempted to plant malicious images on victims’ machines using wget and curl shell commands when victims simply visit a malicious page via a link in an email or through a compromised site. To get into user devices, threat actors often deploy cryptomining malware via command injection attacks against enterprise-level assets, such as vulnerable applications in content management systems (CMSs). These attacks are suited for cybercriminals at any skill level, do not require much in terms of interaction with third parties and can be monetized relatively easily when compared with malware operations such as ransomware and banking Trojans. To minimize interaction with other parties, including victims who may or may not pay, many criminals evidently prefer cryptojacking. But they can’t sell access or data without a buyer, nor can they profit from ransomware without someone on the other end willing to pay. Over time, cybercriminals have tried different methods, such as selling stolen data, locking a device and demanding ransom payment from its owner, and selling a remote shell to the compromised device to other threat actors who can then deploy their own attack tactics on that device.Īll of these tactics primarily require other people to become involved in their success - an option most criminals prefer to forego if only to avoid sharing the spoils.
Why would threat actors use malicious cryptomining instead of focusing on other attacks such as ransomware, for example? Threat actors can see some success in getting their malware on user devices, but for those motivated by monetary gain, converting that access into spendable currency has always been a challenge. What Could Be Driving a Shift to Cryptojacking? Historically, threat actors have targeted individual user boxes to drop cryptocurrency miners on, but recent research from X-Force Incident Response and Intelligence Services (IRIS) suggested that since at least 2017, threat actors have also tried to infect targeted internet of things (IoT) devices despite their low processing power. To review, cryptominers are placed on an infected machine or device and use its native processing power to mine for cryptocurrency. Research from X-Force has addressed cryptocurrency miners before. One of the ways they tie the two together is by using coin-mining malware. The value and popularity of cryptocurrency have been growing across the globe, and criminals are always looking for ways to generate passive income. This attack tactic is becoming a rising issue cryptojacking presents a unique challenge for organizations to detect and mitigate because malicious scripts are almost always hosted outside the organization’s zone of control.Ĭryptojacking definitely trended in 2018, but are tides about to turn? X-Force data from late 2018 and early 2019 showed that browser-based cryptojacking attacks are on the decline while also revealing a notable increase in malware-based attacks. In fact, our data shows a nearly 2-1 ratio, respectively. In 2018, X-Force saw a majority of browser-based mining versus the malware-based variety. This activity relies on the device’s central processing unit (CPU) power. Malware-based cryptomining attacks on a user’s device.Malicious mining via compromised websites, also known as cryptojacking.
There are two types of cryptomining attacks that have been making the rounds since 2018: The 2019 report showed that threat actors continue to use these attacks to compromise systems and generate a revenue stream. Data from the “IBM X-Force Threat Intelligence Index” for 2018 illustrated that threat actors have been increasingly using malicious cryptomining, aka cryptojacking attacks, to easily monetize their access to systems with minimal risk.
0 kommentar(er)
