Cryptojacking Shot Up 8500% in 2017; How Criminals are Exploiting Your Computing Power to Mine Coins

By Benson Toti
Updated 21 March 2023

Cryptocurrency mining attacks have gone through the roof, a report from Symantec dated April 10 indicates. The attacks, also known as cryptojacking, have gone up a record 8500% as criminals seek to harness the computing power of the crowd to mine coins. Symantec logged 1.7 million in December alone.

Cryptojacking involves using the computer resources of another person to mine coins without their knowledge. The process typically consumes a lot of electricity and compromises a computer’s performance.

2017 was yet another year of extraordinary cyber crime and mounting damage, Symantec says. Criminals are becoming more organised, innovative and sophisticated, the security company says in its latest report.

According to David Rajoo, Symantec’s systems engineer director for Philippines, Malaysia and Indonesia, “Cryptojacking is a rising threat to cyber and personal security.”

Mining remains a major attraction after cryptocurrencies exploded in value in 2017. Mining is the process through which new coins are created by solving complex algorithms.

“The massive profit incentive puts people, devices, and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers,” Rajoo said.

“Coin mining slows devices and overheats batteries. For enterprises, coin miners put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost,” the Symantec report says.

IoT Devices Ripe Target

IoT devices are a ripe target for such attacks, the report notes. “Symantec™ already found a 600 percent increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse.”

Interestingly, ransomware attacks have gone down although they have become more varied. This could indicate that criminals are finding mining more profitable.

It could also mean they have found more efficient tools. WannaCry was the most prominent and widespread ransomware attack. Several high-profile institutions were hit by the service denial attack, including the UK’s NHS and prominent shipping companies. The hackers demanded payment in cryptocurrencies.

According to Symantec, ransomware variants climbed by just 46%, which it says indicates that criminals are innovating less but remaining productive.

Mining Extensions

Google recently banned new cryptocurrency mining extensions over similar concerns. Existing ones will be pulled down from the Web Store by the end of June, according to the tech giant. Google made the blanket decision after discovering that a high number of extensions containing crypto miners were mislabelled.

Spear Phishing Main Mode of Attack

Spear phishing is the most popular way attacks are launched, constituting 71%, according to Symantec. It involves sending mail with malicious software designed to steal information from users.

Customers are advised not to open suspicious emails as a way of avoiding attacks. These should also be deleted.

Spear phishing is a low-tech method but remains highly effective. The US remains a major target for such attacks.

Attacks Through Supply Chain

Attacks through software supply chains went up 200% in the last year. This method involves implanting malware into legitimate software and leaving it in its usual distribution location online.

As vulnerabilities become rare, attackers are increasingly using this method as an entry point. The Petya/NotPetya attack, in which Ukrainian accounting software was used as a launchpad, is a case in point.

From Ransomware to Cryptojacking

The ransomware market seems to have shrunk since 2016 and the focus shifted to crypto-mining in 2017 as an alternative. Ransom demands, for example, dropped by half to $522 in 2017, Symantec points out.

Bitcoin mining is not a viable option on small computers due to the sheer computing power needed. Alternative cryptocurrencies like Monero can, however, be easily mined on ordinary personal computers. Monero also has the advantage of anonymity.

Browser Mining Saw Biggest Jump

Browser-based mining saw the biggest jump in 2017. This happens inside a browser and is “implemented using scripting languages.”

The launch of browser-based mining by Coinhive spurred interest in this area. In this model, users are given the option of running mining scripts on their computers instead of having to view adverts.

While users are urged to be transparent, Coinhive “is somewhat powerless to prevent unscrupulous operators from using it to carry out secret mining with the hope that users won’t notice.”

Browser-based mining requires little skill and can be carried out even on some of the most protected computers.

As most users may not realise their computers are mining coins, the option presents a less disruptive way of earning easy money for attackers.

8 Million Mining Events Blocked in December Alone

Symantec blocked 8 million coin mining events in December alone, marking an increase of 34,000 per cent since January 2017.

“Coinminers made up 24 percent of all web attacks blocked in December 2017, and 16 percent of web attacks blocked in the last three months of 2017, demonstrating the big impact of these browser-based coinminers,” Symantec said.

Consumer machines were the most affected. Browser-based coinminers work best on sites where consumers spend the maximum amount of time. Being browser-based also means they work across several platforms, whether Windows or Mac.

“Just as they are not limited to one operating system, cybercriminals distributing coin miners do not seem to be limited to using just one distribution vector. In the latter part of 2017, there were multiple reports of campaigns spreading coinminers.”

Attackers use different distribution channels, including deploying miners to unpatched machines and using Facebook and Messenger to install a Monero miner on compromised WordPress sites. One such attack is said to have generated $100,000 before it was discovered.

Mobile malware continues to grow with variants up 54% in 2017.