BlackBerry exec believes that many businesses don’t have a great visibility about the combination of crypto mining apps with malware.
Cryptojacking attacks are both an internal and external threat, as the hacking groups are getting more organized in attempts to exploit vulnerabilities in the networks. However, there are also cases where some admins use valid entitlements to make money from illegally mining crypto using the firm’s network resources, and many organizations “don’t have great visibility” about it, says Josh Lemos, VP of research and intelligence at BlackBerry.
Lemos told Cointelegraph that a crypto mining software is not necessarily malicious but rather opportunistic utilizing compute resources for monetary gain, “although you often find it paired with malicious software,” and it’s also a fact not well-enough observed by some organizations when it comes to protecting their networks.
Any Cryptojacking malware can be dangerous
Lemos further elaborated on crypto mining apps getting sophisticated nowadays, saying that crypto miners don’t need to be sophisticated and can be deliver in various ways: “from JavaScript running on a website as a watering hole attack or embedded in a spear-phishing email to supply chain attacks with miners embedded in docker hub images and malicious browser extensions.” He went on to add that: “Distribution is the primary goal and with detection does not carry a meaningful risk, TAs can spread their miners far and wide.”
Recent cryptojacking cases, like Lucifer, show a pattern — the common usage of XMRig crypto-miner app in the attacks. BlackBerry executive explained why Monero (XMR) is often used in the attacks, rather than other currencies:
“Monero is pitched as more lucrative to the average user due to the nature of the mining algorithm. Anytime you have uneducated users looking for a quick buck, you will have more opportunities for exploitation. The old adage still holds true: the best way to get rich in a gold rush is to sell shovels. In this case, the shovels also contain malware.”
Pandemic driving cryptojacking attacks?
Lemos believes that the fact of hackers using full malware suites with capabilities that leverage numerous vulnerabilities to establish persistence shows a growing trend in such kind of cryptojacking attacks, and Lucifer is “a continuation or evolution of that trend.”
As the COVID-19 pandemic is still active in several countries, Lamos claims that as long as cryptocurrencies are being considered as a “valuable alternative investment,” the rising trend of the cryptojacking attacks “is here to stay,” as it’s not about blaming the coronavirus-related jump specifically.