Ransomware is passé as cybercriminals find a new weapon of choice

Last year, ransomware malware such as WannaCry, Judy and NotPetya unleashed havoc as they crippled banks, hospitals and other companies across the world. But cybercriminals have now switched their focus to a new tool this year to launch cyber attacks—cryptomining malware.

American cybersecurity giant ​​Skybox Security said in a mid-year update to its Vulnerability and Threat Trends report that cryptomining malware accounted for 32% of the cyber attacks in the first six months of 2018, compared with just 7% a year earlier. The share of ransomware malware dropped to 8% from 32%.

The report is compiled by a team of analysts at Skybox Research Lab. It aims to help organisations by assessing the content threat landscape so that they can align their security strategies accordingly.

“In the last few years, ransomware reigned supreme as the shortcut money-maker for cybercriminals,” said Ron Davidson, Skybox’s CTO. “It doesn’t require data exfiltration, just encryption to hold the data hostage and a ransom note of how the victim can pay up. With cryptominers, the criminals can go straight to the source and mine cryptocurrency themselves. There’s no question of if they’ll be paid or not.”

Marina Kidron, Skybox director of threat intelligence and leader of the lab behind the report, said ransomware received a lot of attention thanks to the likes of WannaCry, NotPetya and BadRabbit. This prompted organisations to take precautions and thwart such attacks. “So cybercriminals found—in cryptomining—a path of lesser resistance. The recent uptick in value of cryptocurrencies also made this an incredibly profitable attack option.”

Cryptomining, according to online tech dictionary Webopedia, is defined as the process which validates transactions for various types of cryptocurrencies and adds them to the blockchain digital ledger. The process in itself is a contest as several miners compete to authenticate a transaction by correctly decoding the cryptographic hash functions that are associated with a block containing the transaction data. The first miner to crack the code is rewarded to authenticate the transaction and, in return for the service, gets a few cryptocurrencies.

A cybercriminal hijacks and uses the computational power of compromised assets (cryptomining computers) to add new blocks to the blockchain of digital currencies such as Bitcoin, thereby benefitting from the reward cryptocurrencies.

The Skybox report said that unauthorised cryptomining has several advantages over ransomware. It can be continued indefinitely in the stealth mode as the victim is never notified for paying up the ransom. Also, the payment isn’t decided by the victim as it depends on the attack itself, the report said.

Several other observations in the report complimented the findings of rise in crypto mining. Internet and mobile vulnerabilities accounted for a third of all the new vulnerabilities published in the report. Google’s Android had the most number of vulnerabilities as compared to the other vendors, the report said.