Two out of every five people are not aware of the existence of cryptomining websites and malware. According to a research conducted by Avast in March, 25% of computer users in the US did not know what cryptocurrency is.
The survey also reveals worrying misconceptions about cryptomining malware. Almost half of those surveyed believe the malicious software cannot spy or steal their data. Nearly a fifth believe they are vulnerable since they do not participate in mining.m
“With the growing IoT landscape, PC users are no longer the sole victims of cryptomining malware. Now, IoT devices and smartphones are just as easily hijacked and turned into cryptomining machines — and it doesn’t matter if you own cryptocurrency or not,” said Ondrej Vlcek, CTO, EVP and GM, Consumer, at Avast.
“This is the kind of malware that can run quietly in the background of any smart device. Our hope at Avast is to dispel myths and educate users on the very real risks cryptomining presents to personal data and device performance,” Vicek said in a press release.
IoT Devices New Attraction for Cyber Criminals
Cryptominers are taking advantage of the large number of IoT devices coming online to maximise profit, Avast says.
IoT estimates that it will need 12,000 vulnerable devices to generate $1000 worth of Monero for the duration of the event.
Apart from high energy consumption and compromised device performance, cryptomining is largely invisible to the user. They can however shorten the life of a device considerably.
A recent report by Symantec shows that phishing attacks remain a common way of deploying malware. This relatively old tech method uses emails with malicious software to make attacks.
Privacy Risks
Cryptomining carries significant privacy and data risks in the IoT landscape that needs to be addressed.
Avast has announced it will provide a security offering at the end of the year to keeps homes private and secure.
The Symantec report also noted the prevalence of browser mining, where cryptomining software use a device’s computing resources when the user opens web pages containing them.
Symantec and Microsoft have noted that cybercriminals have been shifting focus from ransonware attacks to cryptomining after a spike in cryptocurrency values late last year. Cryptomining attacks on enterprise computers, for example, doubled between December and January according to a Windows Defender Research blog.
According to the blog certain software change start up settings such that they run every time a device is booted.
Cryptojackings Shot Up Dramatically
The report by Symantec noted that cryptojackings, as they are sometimes called, went up by 8500% in 2017. The study found that attacks on IoT devices had gone up 600% in 2017.
Google has also been having a problem with mining extensions. It recently announced it was banning all extensions with mining software from the Web Store.
All cryptomining extensions will be pulled down by the end of June according to the tech giant.
In a bid to create awareness, the antivirus company will be conducting a live experiment using IoT and mobile devices to demonstrate their vulnerabilities during the RSA 2018 conference. RSA is an annual security conference.
The challenge will involve using participants mobile phones to mine Monero. The exercise is meant to help users gain a deeper understanding of cryptomining threats.