Report Finds Cryptojacking Instances Jumped 400% In A Year

A report by a group of cybersecurity researchers found that cryptojacking instances jumped more than 400 percent in a year.

AccessTimeIconSep 21, 2018 at 6:00 p.m. UTC
Updated Sep 13, 2021 at 8:24 a.m. UTC

Instances of cryptojacking malware have jumped more than 400 percent since last year, a new report finds.

A collaborative group of cybersecurity researchers called the Cyber Threat Alliance (CTA) published the report Wednesday, detailing the various and repercussions from cryptojacking – the illicit practice of hijacking a user's computer to mine cryptocurrencies.

Most notably, CTA points out in the research that the number of instances of illicit mining malware found has sharply spiked in the months from the close of 2017 to end of July 2018.

The report states:

"Combined data from several CTA members shows a 459 percent increase in illicit cryptocurrency mining  malware detections since 2017, and recent quarterly trend reports from CTA members show that this rapid growth shows no signs of slowing down."

In the key findings document, the alliance points to a particular exploit that has been plaguing the security world for over a year, Eternalblue, as one of the leading causes.

Eternalblue is the infamous NSA exploit that was used in the Wannacry ransomware and NotPetya attacks.

The CTA's analysis explains that a number of Windows operating systems remain vulnerable to the bug, despite a patch released by Microsoft. As such, these systems run a vulnerable network file sharing protocol dubbed SMB1.

Malicious actors target these susceptible machines for their processing power, which even simple cryptojacking software can hijack.

In fact, these actors have even begun repurposing existing software to specifically mine cryptocurrencies, the report said, explaining:

"Researchers noted in February 2018 that the BlackRuby Ransomware family began 'double dipping' by adding the open-source XMRig software to their tools to mine Monero. The VenusLocker Ransomware family completely shifted gears, dropping ransomware for Monero mining. The Mirai botnet, notable for its 2016 DDoS attack that used IoT devices to impact substantial portions of U.S. internet services, has since been repurposed into an IoT-mining botnet."

Further, by decreasing the mining rate, the malware can easily and cheaply be scaled across a network in large organizations and persist on the host computer for a longer time, resulting in a larger pay-out.

Palo Alto Networks, one the partners in the alliance, found that Coinhive dominates in terms of software used by malicious actors, with some 23,000 websites containing Coinhive source code.

Moreover, the group of security firms has noticed that malicious actors are shifting their focus from traditional systems and personal computers to Internet-of-Things devices like smart TVs.

The CTA also stressed that the presence of cryptojacking malware may just be an indicator of how insecure a system is, saying, "if miners can gain access to use the processing power of your networks, then you can be assured that more sophisticated actors may already have access."

Mining image via Shutterstock

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Trending

1
CoinDesk - Unknown
New York Regulators Have Planted a Seed for Stablecoin Transparency

New guidance from the New York Department of Financial Services should shake up how stablecoin issuers do attestation and other reporting, says our columnist.

CoinDesk - Unknown
2
CoinDesk - Unknown
UK to Introduce Legislation on Stablecoins by August: BoE’s Cunliffe

There’s been at least a bit of delay in the framework thanks to recent resignations from Prime Minister Boris Johnson's government.

CoinDesk - Unknown
3
CoinDesk - Unknown
Binance Extends Zero-Fee Bitcoin Trading Globally

The crypto exchange is rolling out a program that started in the U.S. last month to its global client base.

CoinDesk - Unknown
4
CoinDesk - Unknown
Is MakerDAO Becoming ‘a Company Run by Politics’?

A series of recent votes prompted the largest governance participation in Maker’s history, with VCs on one side and the founding team on the other.

CoinDesk - Unknown