Theft of computer processing power for cryptocurrency mining, a crime known as criptojacking, is on the rise. This indicates a new study by the IBM X-Force, an intelligence and threat research organization, which identified a 450% increase in cybercriminal use in 2018. Meanwhile, ransomware attacks in which hackers hijack the machine of the victim and request ransom in cash, suffered a decline in the same period.
La Casa de Papel Digital: Grows Others' PC Usage to Generate Money
Criminals hijack computers to mine cryptocurrencies Photo: Divulgao / FISL
Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc
The researchers believe the change occurred because ransomware infection, which had been a very lucrative activity for years, was beginning to make less profit for criminals. Already criptojacking has turned out to be a more efficient investment for the bad guys, possibly because it is a more discreet method. In addition, the growth of cryptocurrencies drew attention. Most well-known virtual currency, Bitcoin had its peak at the end of 2017, reaching more than $ 70,000.
A cryptojacking attack involves infecting a computer with malware or injecting browser-based access. Hidden, malicious software then uses the processing power of the affected machine to generate cryptocurrencies. With the process running in the background, CPU usage is skyrocketing and the system may slow down. Another problem, especially for businesses, is the vulnerability caused on their networks and devices. The presence of these malware indicates that the breach can be exploited in other types of criminal actions.
Chart shows growth of cryptographic attacks and reduction of ransomware attacks Photo: Divulgao / IBM Security
According to the study, more than half of the attacks (57%), however, do not even use malware. Instead, they take advantage of non-malicious tools, including legitimate administrative solutions like PowerShell and PsExec. Thus, the invasion is much harder to detect and can stay in the digital environment longer. This strategy can allow credential theft, query execution, database searching, access to user directories, and connection to systems of interest.
In addition to exploiting misconfigurations and other software vulnerabilities, there is also the human factor. Nearly 30% of the attacks analyzed included compromises through phishing emails, a social engineering tactic that convinces victims to click on links or install contaminated programs. In many cases, the scam was aimed at professionals responsible for making business account payments. The hacker impersonates someone inside the company, such as a director. According to the FBI, between October 2013 and May 2018, this type of fraud cost companies over $ 12.5 billion.
IBM X-Force points out ways for organizations to protect themselves against digital security threats. Important practices are access controls, software and hardware vulnerability remediation, and employee training to identify phishing attempts. It takes agility and collaboration. Risks from third parties, such as cloud services and vendors, should still be taken into consideration. Experts highlight the need for preventive measures in which companies actively fall threats.
On an individual level, whether at home or at work, users can also take some precautions to prevent cryptjacking attacks. Keep antivirus up to date, keep an eye on the legitimacy of the websites you visit, and be very cautious about the origin of downloaded files and installed programs. There are browser extensions that promise to block mining hacking attacks. Also, be aware of any anomalies in device performance and power consumption as they may be indicative of a scam. See also: How to block sites that use your PC to mine bitcoin or monero.