Traditional ransomware attacks are in decline as businesses refuse to pay up—but according to a new report by cybersecurity firm SonicWall, cryptocurrencies are still being used to extort unsuspecting victims.
A staggering 332.3 million cryptojacking attacks were recorded in the first half of 2023—a 399% increase when compared with the whole of last year. To put this figure into context, that's more than 2020, 2021, and 2022 combined.
Cryptojacking involves exploiting servers and devices belonging to other people to mine digital assets, with privacy-centric Monero being the most popular. Those affected may not even realize that they are victims; they may just notice that their machines are running slower than usual.
Malicious cryptojacking code found in 11 Ruby libraries
Cryptojacking software has been found in 11 code libraries for the programming language Ruby—exposing thousands of people. The latest heist, discovered yesterday on code repository Github made use of a package manager called RubyGems, a popular program that allows developers to upload and share improvements on existing pieces of software. The hackers hid their code in 11 popular libraries on RubyGems by downloading the software, infecting them with malware, then re-uploading them to RubyGems u...
Spencer Starkey, VP of EMEA for SonicWall, told Decrypt via email that the biggest symptoms of cryptojacking include a slower response on devices, surprisingly higher electricity bills, and excessive fan use brought on by overheated batteries.
"As cryptojackers aim to go undetected for as long as possible, it can be perceived as a 'victimless' crime, compared to impactful malware such as ransomware or banking trojans," Starkey said.
And while you may think that declining Bitcoin prices would prompt malicious actors to divert their criminal activities elsewhere, SonicWall's research suggests market downturns have actually had the opposite effect—with the number of attacks surging as criminals battle to make the same profits.
"Threat actors are relentless, and our data indicates they are more opportunistic than ever, targeting schools, state and local governments, and retail organizations at unprecedented rates," SonicWall's president and CEO Bob VanKirk said in a news release emailed to Decrypt.
The figures suggest that malicious actors are looking for less expensive—and less risky—ways of making a quick buck.
According to SonicWall's midyear report, the US, Denmark, Germany, France, and the United Arab Emirates were most affected by cryptojacking, with the whole of Europe witnessing a 788% rise in the number of incidents.
This research paints a picture of cybercriminals continually shifting their tactics to evade capture. One common method for targeting victims in recent months has been to distribute HonkBox cryptojacking malware in cracked versions of the video editing software Final Cut Pro. As the old saying goes, there's no such thing as a free lunch.
And while cryptojacking may seem kinder than encrypting a company's files and threatening to release them unless Monero is paid, those behind these attacks still lack scruples. Incidents targeting the healthcare industry were 69 times higher in the first half of 2023 than over the same period a year earlier. The education sector also saw 320 times more attacks.
"Hackers search for the weakest points of entry, with the lightest possible repercussions, limiting their risk and maximizing their potential profits," SonicWall's vice president of product security Bobby Cornwell said.
A massive botnet is using YouTube to mine cryptocurrency
A new report from cybersecurity firm ESET has uncovered that the operators behind the Stantinko botnet have been using YouTube pages and channels to install crypto-jacking malware on visitors' computers. The Stantinko botnet, initially discovered in 2017 (though has been operating “covertly” since 2012), has reportedly infected more than half-a-million devices around the world, and targets users primarily in Russia, Kazakhstan, Belarus, and the Ukraine. According to ESET, the operators of the bo...
While it might be a little early to write off the threat of ransomware—which brought the UK's National Health Service to its knees in 2017 and slowed the Colonial Pipeline to a standstill in 2021—these sobering figures indicate that crypto-hungry hackers aren't going anywhere.
Starkey went on to warn that cryptojacking has been adopted by nation-state-backed threats, all the way down to employees who are deploying miners on corporate infrastructure without permission.
"Because of its covert detection footprint and return on investment for actors—adoption will likely continue to grow across the threat actor ecosystem," he said.
