For financially-driven cyber attacks, online criminals now favour a ‘low and slow’ approach as opposed to previously preferred methods like ransomware.
According to research by British cybersecurity upstart Darktrace, a new generation of crypto mining-based malware threatens to steal electricity and bandwidth from user devices and data centres.
Malware overtaking ransomware as method of choice
Back in 2017, the WannaCry ransomware attack targeted computers running Microsoft Windows by encrypting data and demanding payments in Bitcoin.
Despite the fact it was stopped within a few days of its discovery thanks to emergency patches released by Microsoft, the attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.
While this forced IT security experts to focus their attention on preventing ransomware breaches wherever possible, it has also encouraged cybercriminals to identify other means of attack.
For example, Darktrace has reported that throughout 2018 and 2019, there had been an increasing prominence of malware with crypto mining payloads, as well as the return of banking trojans.
Darktrace Director of Threat Hunting Max Heinemeyer said that he had seen “very creative forms of crypto jacking going on” because ransomware victims may not have been tech-savvy enough to make Bitcoin payments.
“A better approach might be to go underground and use crypto mining because it is low and slow and guarantees a profit,” he revealed.
Examples of low and slow malware attacks
Heinemeyer revealed that when one company in the UK was hit with a crypto mining variant via a spear phishing email, it spread through the organisation within minutes and reached more than 400 devices.
“We’ve seen crypto mining malware that isn’t running at full capacity to avoid overheating computers and making the fan spin at 100 percent, to avoid these physical implications of being very loud,” he said.
“We’ve seen so many different variants of how these pieces of malware are spreading or being loaded it’s fair to say there are a lot of players in the crypto mining market, and the barriers to entry to creating your own crypto mining malware is rather simple these days.”
One of the reasons why cybercriminals are now focused on crypto mining is because credit card fraud has become ‘cumbersome’. Unless the online assailant has established money laundering networks where intermediaries could buy goods with the stolen data, law enforcement agencies will be notified immediately.
Crypto mining isn’t necessarily as damaging as ransomware attacks, but because it compromises machines with devastating effect, other back doors can be easily established.
“So there’s still a huge risk to it besides the obvious electricity and computing power that’s being stolen,” Heinemeyer said.
Darktrace predicts that as cyber security advances, attackers will look to develop more sophisticated methods to operate under the radar. As a result, IT decision makers should consider adopting equally advanced security measures such as artificial intelligence to learn patterns of behaviour and mitigate threats.