Botnet operators abandon DDoS attacks for cryptocurrency malware

September sees upypk cryptojacking

While the number of unique users attacked by miners has certainly fallen from market fever at the beginning of this year, September has seen an increase for the first time in months.

Kasperksy notes that botnet reprogramming has also led to a decline in DDoS attacks recorded in Q3 this year, since hackers believe that encryption is more lucrative and less competitive.

"This has been driven not only by the high popularity of cryptocurrencies, but also by the strong competition in the" DDoS market ", analysts wrote.[This] it made attacks less costly for customers, but not for botnet creators themselves, who still have to cope with more than a few non-legal "organizational problems". "

An example provided was the Yoyo botnet. The company has seen that Yoyo is now launching fewer DDoS attacks than before (despite the increase in activity at the start of this year), without the data suggesting to its owners (or the authorities) to have it dismantled.

Cryptojacking (and Monero) adapts to cybercriminals

Kaspersky elaborates the attractions of cryptojacking for cyber criminals: they usually manage to get away with it.

The researchers explain that it can be virtually impossible for the owner of an infected machine to realize that they are actively extracting the cryptocurrency. This greatly reduces the chances of attackers coming into contact with cyber-politics.

They also argue that Monero is still the most widespread cryptocurrency among illegally extracted coins, which can be generated by desktop browsers using standard common laptop processors.

"This is due to its anonymous algorithm, its relatively high market value and ease of sale, as it is accepted by most major cryptocurrency exchanges," Kaspersky reiterated. "For botnets that extract this money illegally, it is important that CPU resources can be used."

A few months ago, estimates suggested that the value of $ 250,000 of Monero was extracted each month through internet browsers, thanks to the alleged CoinHive cryptocurrency mining script.

Not long after, McAfee Labs revealed that hackers had released 2.5 million different versions of the screenplay in just three months.

You can not tie the cryptogens away

The analysts of Kaspersky have unfortunately concluded that the legislative control on cryptocurrencies "has a limited impact on the spread of the hidden [cryptocurrency] extraction."

In fact, the cryptographers are actually enjoying success in Algeria and Vietnam, where governments severely restrict or forbid access to cryptocurrency according to national law.

"Vietnam is [very high] in the rankings of […] countries by number of miners attacks and Algeria is sixth, "the researchers point out." Meanwhile, Iran, which is currently drafting legislation to govern cryptocurrency and is developing plans to issue its 39; coins & # 39 ;, is in seventh place. "