Cyber criminals have been given a boost by the combination of soaring crypto prices and the ongoing pandemic, as noted by Phil Muncaster. While ransomware dominated the cyber-threat landscape in the past, cryptojacking emerged as a significant threat a few years ago. As detections of ransomware decreased in 2018, incidents involving cryptocurrency mining malware increased due to the booming digital currency market. However, ransomware made a comeback with the rise of ransomware-as-a-service, affiliate groups, and double extortion, leading to a 485% increase in attacks in 2020 during the pandemic.
Despite the resurgence of ransomware, cryptojacking continued to evolve and become more prolific. While the impacts of cryptojacking may seem minimal, such as higher energy bills and slightly slower servers, it remains a popular method for cyber criminals to make money. Recent reports have shown a significant increase in detections of cryptojacking intrusions, attributed to the rising value of digital currencies. Monero remains a popular coin for cryptojackers to mine due to its lower mining requirements and anonymity.
The techniques used to distribute coin-mining malware have remained largely similar over the years, including scripts embedded into web pages and phishing tactics. However, some threat actors are employing more sophisticated methods to evade detection. Groups like Lemon Duck, WatchDog, and TeamTNT have enhanced their operations to include attacks against cloud infrastructure and lateral movement in Kubernetes, making them technically proficient and persistent threats.
The pandemic unintentionally created more opportunities for cryptojackers, particularly targeting the growing public cloud infrastructure supporting remote and hybrid workers. As more users access data and applications in the cloud from personal devices, the attack surface expands, leading to increased risks from shared cloud services. Small and medium-sized enterprises (SMEs) are particularly vulnerable to client-side attacks due to their reliance on third-party JavaScript and low-security websites.
To mitigate the risks posed by cryptojacking, organizations should prioritize security hygiene practices, such as regular patching, endpoint protection, and privileged user account protection. Cloud-based next-gen firewalls and industry standards like CIS benchmarks can help detect and prevent malicious activities targeting cloud environments. Adopting a ‘shift-left’ security mindset by embedding cloud security into code reviews and development pipelines can also enhance security posture.
The transparency and evidentiary trails provided by blockchain technology can aid investigators in tracking down cyber criminals and recovering stolen assets. By leveraging blockchain’s capabilities beyond storing and transferring value, businesses can protect their assets more effectively.
In conclusion, while cryptojacking may seem like a less severe threat compared to ransomware, organizations should not underestimate its potential risks. By implementing robust security measures, staying vigilant, and leveraging emerging technologies, businesses can better defend against the evolving threat landscape posed by cyber criminals.