Every month, Check Point publishes its Monthly Top Malware Report, tracking the latest trends and patterns in the global cyber threat landscape.
And every month, the top spots are filled by illicit cryptomining malware. Coinhive, the most prevalent cryptominer malware in the world, has impacted one-in-five organizations across the world.
Reaching 40 percent of the world’s organizations, cryptomining malware has overtaken ransomware as the biggest, most prevalent threat looming in our sights, which makes the latest white paper from the Cyber Threat Alliance all the more important in making sense of this new reality.
Founded in 2014 and officially launched as a not-for-profit entity at RSA 2017, the Cyber Threat Alliance brings together the top companies in the cybersecurity industry to collaborate and share threat intelligence – for the common goal of making the digital world more secure. This landmark white paper, the Illicit Cryptocurrency Mining Threat, draws upon the expertise of top researchers across the private sector, including Check Point’s own Tim Otis.
The white paper makes several key points, including…
“EternalBlue Still Impacting Businesses”
Eighteen months since WannaCry and NotPetya wreaked havoc across continents, the leaked state-sponsored tool is still powering modern-day cyber attacks. As the paper notes, cryptomining malware – specifically Adylkuzz and Smominru – relies on the EternalBlue exploit, which gives the mining malware a fifth-generation element: it allows for lateral movement within the network.
The patches for EternalBlue have been out for over a year now, which points to a larger problem with cyber hygiene across enterprises.
Crypto-Mining Malware Is the “Canary In The Coal Mine”
As the CTA report aptly puts it, most illicit crypto-mining “takes advantage of lapses in cyber hygiene… to gain a foothold and spread within a network.” Lateral movement is a particular hallmark of the modern-day cyber-attack: nowadays, threat actors need just one crack in the armor to infect your network. Crypto-mining can serve as the vehicle for more nefarious, sophisticated threats, and the presence of crypto-mining malware is often a symptom of larger problems with the system’s overall security.
From Script Kiddies to the Pros: Crypto-Mining Malware
Illicit crypto-miners come in all shapes and sizes, from novices going after the “low-hanging fruit” with easy-to-use malware and browser-based exploits to advanced hackers whose miners stop mining when the mouse moves in order to evade detection. The CTA report’s section on the current state of crypto-miners is illuminating: section three, pages 10-15, breaks down the various levels of illicit cryptominers, explaining the difference in mindset and techniques between the “script kiddies” running basic programs and the career cyber-criminals who go after IoT-based vulnerabilities while imitating legitimate functions in order to evade detection.
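The “stop mining when the mouse moves” trick described above has a defender-side flip side: a miner that pauses on user input shows a CPU profile that is high only while the machine is idle, which is something endpoint telemetry can test for. The following is an added example, not code from the CTA report or from Check Point, of that heuristic run over a constructed per-minute process telemetry feed. The field names, the process names, the thresholds and the allowlist of legitimate idle-time tasks are all assumptions chosen for illustration.

```python
"""Heuristic for miners that pause while the user is active.

Added example; not from the CTA report or Check Point. The telemetry
format (one row per process per minute, plus a user-activity flag) and
all names and thresholds below are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Sample:
    minute: int          # minute index within the observation window
    process: str         # image name as reported by the endpoint agent
    cpu_pct: float       # CPU share of the process over that minute (0-100)
    user_active: bool    # True if keyboard or mouse input was seen that minute


# Legitimate workloads that deliberately wait for idle time (search indexing,
# backups) would otherwise trip the rule; allowlist them explicitly.
# Hypothetical names for illustration.
IDLE_TASK_ALLOWLIST = frozenset({"SearchIndexer.exe", "backup-agent.exe"})


def split_by_activity(samples: List[Sample]) -> Tuple[List[float], List[float]]:
    """Return (cpu values while user active, cpu values while user idle)."""
    active = [s.cpu_pct for s in samples if s.user_active]
    idle = [s.cpu_pct for s in samples if not s.user_active]
    return active, idle


def flag_idle_only_hogs(samples: List[Sample], min_idle_cpu: float = 40.0,
                        max_active_ratio: float = 0.25,
                        min_samples: int = 5) -> Dict[str, Tuple[float, float]]:
    """Return {process: (mean_active_cpu, mean_idle_cpu)} for suspicious processes.

    A process is suspicious when it averages at least min_idle_cpu while the
    user is idle but drops to at most max_active_ratio of that level as soon as
    input is seen. Both states need min_samples observations so that a single
    spike, or a process only ever seen in one state, cannot trigger the rule.
    """
    by_proc: Dict[str, List[Sample]] = defaultdict(list)
    for s in samples:
        by_proc[s.process].append(s)

    flagged: Dict[str, Tuple[float, float]] = {}
    for proc, rows in by_proc.items():
        if proc in IDLE_TASK_ALLOWLIST:
            continue
        active, idle = split_by_activity(rows)
        if len(active) < min_samples or len(idle) < min_samples:
            continue
        active_mean, idle_mean = mean(active), mean(idle)
        if idle_mean >= min_idle_cpu and active_mean <= max_active_ratio * idle_mean:
            flagged[proc] = (round(active_mean, 1), round(idle_mean, 1))
    return flagged


def build_constructed_telemetry() -> List[Sample]:
    """Twenty minutes of constructed samples; the user is idle every fourth minute."""
    rows: List[Sample] = []
    for minute in range(20):
        active = minute % 4 != 0            # 15 active minutes, 5 idle minutes
        rows += [
            # Miner that throttles itself the moment the user is present.
            Sample(minute, "svchelper.exe", 3.0 if active else 92.0, active),
            # Ordinary interactive application: busy regardless of input.
            Sample(minute, "browser.exe", 35.0 if active else 30.0, active),
            # Legitimate idle-time job: same shape as the miner, but allowlisted.
            Sample(minute, "SearchIndexer.exe", 1.0 if active else 70.0, active),
            # Long-running encode: high CPU in both states, so not idle-gated.
            Sample(minute, "video-encoder.exe", 85.0, active),
        ]
    return rows


if __name__ == "__main__":
    for proc, (act, idl) in flag_idle_only_hogs(build_constructed_telemetry()).items():
        print(f"{proc}: {act}% CPU while user active, {idl}% while idle")
```

The allowlist and the `min_samples` floor are the two knobs that keep this from being noisy in practice: idle-time scheduling is exactly how well-behaved indexers and backup agents work, so the shape alone is only a lead, and a host observed for too few idle intervals should not be scored at all.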
These sections, about the state of illicit cryptomining and the potential impacts, are a testament to the Cyber Threat Alliance. When competitors come together to share their threat intelligence and collaborate against the bad guys, everyone ends up smarter, more prepared, and more secure against these rapidly evolving threats to our businesses.
A Call To Action To Network Defenders
As the report notes, implementing common cybersecurity best practices can go a long way against the threat of illicit crypto-mining. Read the report here for the CTA’s full list of recommendations – the sooner that enterprises, cyber-security vendors, and individuals all get on the same page, the sooner we can all disrupt the cyber-criminals’ chance at turning a profit, financially strangling their operations and making their lives more difficult.