Researchers at NTT Security's Global Threat Intelligence Center (GTIC) issued a warning about cryptocurrency-mining malware in a report published today.
NTT Security has visibility into 40% of global Internet traffic, and its GTIC has detected about 12,000 samples of cryptocurrency-mining malware since March 2015.
Crypto-mining malware infects computers through the same channels as other malicious software. NTT Security noted that phishing emails were the most common delivery method. The software works by siphoning the power and resources of the host computer to mine digital currency without the legitimate owner of the device knowing, with the mining proceeds sent to the malware creator.
There is another way for the owners of unsuspecting devices to have their computing power hijacked to mine digital currency, and it requires no malware to be installed on the host computer. A company known as Coinhive offers a JavaScript-based cryptocurrency miner, which a website can incorporate into its code to use the computing resources of devices connected to that site to mine virtual currency.
Basically, Coinhive allows websites to silently mine cryptocurrency using visitors' computer resources while they are connected to the site. Coinhive's intention is to offer an alternative income generation method to digital media providers who prefer not to rely on advertising as a source of revenue. Despite Coinhive's benign intentions, the tool it created has the potential to be abused on a large scale. NTT Security found that nearly 38,000 websites have Coinhive's JavaScript miner embedded in their code.
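A site owner or defender can check pages for an embedded miner of the kind described above. The following Python scanner is an added example, not code from NTT Security or Coinhive; the hostnames and `CoinHive.*` constructor names it matches are assumptions that do not appear in this article, and the sample page is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions, not from the article: hostnames that served the Coinhive
# library and the constructor names used by its embed snippet.
MINER_HOSTS = ("coinhive.com", "coin-hive.com")
MINER_CALL = re.compile(r"\bCoinHive\.(Anonymous|User|Token)\s*\(")

class MinerScriptFinder(HTMLParser):
    """Flags <script> tags that load or start an in-browser miner."""
    def __init__(self):
        super().__init__()
        self.findings = []     # (kind, detail) tuples, in page order
        self._inline = None    # text of the <script> being read, else None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._inline = []
        src = dict(attrs).get("src") or ""
        try:
            host = (urlparse(src).hostname or "").lower()
        except ValueError:     # malformed URL in src: nothing to match
            host = ""
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("external", src))

    def handle_data(self, data):
        if self._inline is not None:   # ignore text outside <script>
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            # Catches self-hosted copies of the library that the host check misses.
            m = MINER_CALL.search("".join(self._inline))
            if m:
                self.findings.append(("inline", "CoinHive." + m.group(1)))
            self._inline = None

def scan_html(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not real site content).
SAMPLE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script src="/static/app.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body><p>An article that mentions CoinHive.Anonymous( in its text.</p></body></html>"""
```

Because only `<script>` content is inspected, a page that merely writes about the miner in its body text is not flagged.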
Terrance DeJesus, threat research analyst at NTT Security, said:
"The use of coin miners will undoubtedly grow and become more advanced over time, possibly being incorporated into other types of malware such as bank trojans and ransomware. There are serious economic implications in ignoring this current threat. We are encouraging all companies to be more alert to cyber security threats for their businesses. There are often simple and effective ways to mitigate risks, but too often the most obvious things are overlooked."
The cryptocurrency chosen to be mined in this way is Monero (XMR). The privacy-oriented currency hides transactions on its blockchain, making it impossible to see the addresses and amounts involved and preventing anyone from tracking the movement of a given XMR.
The Monero blockchain also hides users' XMR balances, so a public "rich list" is not available. Monero's opacity led to a boom in the popularity of the cryptocurrency on the Dark Web. The hackers behind last year's infamous WannaCry attack have recently converted a sizable portion of their illicit gains from BTC into XMR. While the association with criminals has led to a negative public perception of Monero, it also speaks to the effectiveness of the currency in maintaining anonymity.
Monero has also shown exponential price growth since it debuted in 2014 at $2.45 per coin. At the time of writing, XMR is worth about $333 per coin, down from its record high of $494.16 in December last year. This made Monero not just a fully private store of value, but also a financially beneficial one, which encouraged XMR users to hold it rather than use it solely as a transactional currency.
NTT recommends that all organizations take the following measures to ensure that their computer resources are not exploited by cryptocurrency-mining malware:
- Conduct regular risk assessments to identify vulnerabilities in the organization.
- Adopt a defense-in-depth approach to cybersecurity, meaning multiple layers of security to reduce exposure to threats.
- Regularly update systems and devices with the latest patches and deploy intrusion detection and prevention systems to block attacks.
- Instruct employees on how to handle phishing attacks, suspicious e-mail links, unsolicited e-mails and attached files.
- Proactively monitor network traffic to identify malware infections and pay particular attention to the security of mobile devices.