
Ransomware’s decline equals cryptomining’s rise

19 Mar 2019

ESET’s Security Days Conference recently took place in Sydney, with a focus on the reduction of ransomware and the subsequent rise in cryptomining.

With these topics in mind, the conference looked into new security challenges facing organisations and governments, and the reality of online safety, for organisations and consumers alike. 

“There’s a disconnect between the way users protect themselves in real life and how they protect themselves online. Consumers, employees, and managers all need to remember that what happens online can have real-life security repercussions,” says UNSW Cyber Canberra director Nigel Phair.

“Cautious people look both ways before crossing the street so they don’t step in front of cars. Similarly, users need to double-check their activities online, think before they click, and exercise secure and responsible cybersafety methods.”

While traditional, mass-distributed, and mostly untargeted ransomware is on the decline, largely due to successful developments in cybersecurity procedures and products, many attackers have shifted to more effective strategies, like cryptojacking. 

“Low-end hackers, or ‘script kiddies,’ have moved away from ransomware attacks that demand a payment in exchange for compromised data. This is because hackers experience a greater return by quietly infiltrating an organisation’s network, and discreetly mining cryptocurrencies using their victims’ computing and electrical power,” says ESET senior research fellow Nick FitzGerald.

“Cryptomining compromises aren’t obvious to organisations in the way ransomware events are. In fact, cryptomining attacks can continue for several days, weeks, or even months before being detected and disrupted. Plus, every machine successfully compromised by a cryptominer immediately starts earning the cybercriminal behind it something from the outset. This is a more attractive outcome than ransomware attacks, where only a small number of victims usually pay up.”

FitzGerald says that, ironically, the overall decline in ransomware attacks and the increase in cryptomining might mean that enterprises are under greater threat if they do fall victim to a ransomware attack. This is because, despite the lower rate of ransomware attacks, the remaining ones tend to be developed and carried out by more focused, determined cybercriminals.

“An extreme form of this is cybercriminals who attack company networks via remote desktop protocol (RDP). If RDP access is only protected with a username and password, attackers can make mass, repeated attempts to guess these, particularly when there’s no rate-limiting mechanism in place to restrict multiple wrong guesses,” says FitzGerald.

“This type of reformed, enterprise ransomware attack can be very effective, and compromise entire organisations’ networks. In 2018, a family of ransomware called SamSam compromised a range of healthcare and government entities, most successfully by brute-forcing RDP endpoints. Cybercriminals behind the attack demanded substantially larger ransom payments than those in run-of-the-mill ransomware attacks.”
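A defender-side illustration of the password-guessing pattern FitzGerald describes (an added example, not code from the article, ESET or its speakers): it reads constructed Windows failed-logon records for RDP sessions and flags any source that exceeds a failure threshold inside a sliding time window, which is the signal a rate-limiting or lockout control would act on. The comma-separated record layout and the sample values are assumptions made for the example.

```python
"""Flag RDP password guessing from failed-logon records (added example).

Assumes flattened Windows Security log records of the form
"timestamp,event_id,logon_type,account,source_ip", where event 4625 is a
failed logon, 4624 a successful one, and logon type 10 is RemoteInteractive
(RDP). All records below are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one source guesses several accounts in quick succession
# and finally succeeds; a second source makes two ordinary typos.
SAMPLE_LOG = """\
2019-03-19T02:00:01,4625,10,administrator,203.0.113.7
2019-03-19T02:00:02,4625,10,admin,203.0.113.7
2019-03-19T02:00:03,4625,10,backup,203.0.113.7
2019-03-19T02:00:04,4625,10,svc_sql,203.0.113.7
2019-03-19T02:00:05,4625,10,jsmith,203.0.113.7
2019-03-19T02:00:06,4625,10,administrator,203.0.113.7
2019-03-19T02:00:07,4624,10,jsmith,203.0.113.7
2019-03-19T02:14:00,4625,10,jsmith,198.51.100.20
2019-03-19T02:14:20,4625,10,jsmith,198.51.100.20
2019-03-19T02:14:40,4624,10,jsmith,198.51.100.20
"""


def parse(line):
    ts, event_id, logon_type, account, src = line.split(",")
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), account, src


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: alert} for sources with >= threshold failed RDP
    logons inside any sliding window; alert notes a later success too."""
    recent = defaultdict(deque)   # src -> timestamps of failures still in window
    accounts = defaultdict(set)   # src -> distinct accounts tried by that source
    alerts = {}
    for line in log_text.splitlines():
        ts, event_id, logon_type, account, src = parse(line)
        if logon_type != 10:      # only RDP (RemoteInteractive) sessions
            continue
        if event_id == 4625:
            q = recent[src]
            q.append(ts)
            accounts[src].add(account)
            while q and ts - q[0] > window:   # expire failures outside window
                q.popleft()
            if len(q) >= threshold:
                alerts[src] = {"failures": len(q),
                               "accounts": sorted(accounts[src]),
                               "success_after": False}
        elif event_id == 4624 and src in alerts:
            alerts[src]["success_after"] = True   # burst then success: escalate
    return alerts
```

A success following a flagged burst is the case to escalate first, since it indicates a guess landed rather than a user mistyping a password.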

In more everyday scenarios, successful cybercriminals can often gain access to restricted networks because employees unintentionally, and unknowingly, feed them pathways into the system.

“Hacker tricks like business email compromise (BEC) can see fake emails, disguised as legitimate ones from colleagues, fool people into making bogus payments,” says FitzGerald.

“Often, these emails appear to come from a manager’s account to their finance team, and request a large payment to a certain account, or inquire into confidential finance account or employee data details.”

According to FitzGerald, many cybercriminals behind BEC scams even have the ability to compromise corporate mail servers, or executives’ accounts on hosted services, so they can genuinely access, and send, emails directly from the targeted executives’ real business email. 

“It’s important to avoid victim-blaming endpoint users. What matters is that users can identify red flags and suspicious activity, even in the seemingly mild form of an unusual email from a colleague,” says FitzGerald.

“Organisations need to improve their security training, and encourage employees to exercise the same level of caution online as they would in real life. However, organisations also need to improve their overall resilience, and implement strong rules to prevent ransomware or cryptomining attacks, for instance, ensuring payment requests are only authorised over the phone, or in-person. Organisations’ daily and business procedures need to significantly improve so they can recognise and resist increasingly sophisticated attacks.”
