A new report from McAfee spotlights a surge in crypto mining malware that began during the fourth quarter of last year and continued through the first half of 2018.
As a result, your network might operate more slowly with no other visible signs of having been hacked.
The report also cites the continued adaptation of the type of malware vulnerability exploited in the WannaCry and NotPetya outbreaks of 2017.
“A few years ago, we wouldn’t think of internet routers, video-recording devices, and other Internet of Things devices as platforms for crypto mining because their CPU speeds were too insufficient to support such productivity,” said Christiaan Beek, lead scientist and senior principal engineer with McAfee Advanced Threat Research.
“Today, the tremendous volume of such devices online and their propensity for weak passwords present a very attractive platform for this activity,” Beek added. “If I were a cybercriminal who owns a botnet of 100,000 such IoT devices, it would cost me next to nothing financially to produce enough cryptocurrency to create a new, profitable revenue stream.”
In crypto mining schemes, hackers break into your system and use your computers to mine cryptocurrency. Although crypto mining malware is less common than ransomware, McAfee said it is rapidly emerging as a major threat.
According to the report, new crypto mining malware samples grew 629 percent to more than 2.9 million samples in the first quarter of 2018. During the second quarter, total samples grew by 86 percent with more than 2.5 million new samples. Additionally, McAfee said older malware such as ransomware is being retooled with mining capabilities.
“In some cases, crypto mining targets specific groups rather than a broad field of potential victims. One crypto mining malware strain has targeted gamers on a Russian forum by posing as a ‘mod’ claiming to enhance popular games,” the report stated. “Gamers were tricked into downloading the malicious software, which proceeded to use their computer resources for profit.”
The report said crypto mining malware primarily targets PCs, but other devices such as Android phones in China and Korea have been exploited by the ADB.Miner malware into producing cryptocurrency for hackers.
McAfee said new malware samples specifically designed to exploit software vulnerabilities increased by 151 percent in the second quarter of 2018. McAfee said the WannaCry and NotPetya threats have been repurposed within new malware strain.
“WannaCry and NotPetya provided cybercriminals compelling examples of how malware could use vulnerability exploits to gain a foothold on systems and then quickly propagate across networks,” Beek said. “It’s still surprising to see numerous vulnerabilities from as far back as 2014 used successfully to spearhead attacks, even when there have been patches available for months and years to deflect exploits. This is a discouraging testament to the fact that users and organizations still must do a better job of patching vulnerabilities when fixes become available.”