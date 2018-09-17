By Anand Ramamoorthy

The world has far evolved from the good old barter system to the modern day currency exchange.

Currency, whether cash or credit, is a crucial necessity of our daily lives. However, it is affected by various factors like inflation, economic changes, recession, etc.

Ever since Bitcoin became mainstream and a worldwide phenomenon, more people than ever are increasing their stakes in the cryptocurrency gamble.

The last year witnessed a cryptocurrency explosion and Bitcoin's value skyrocketed to almost $20,000 per coin. Although relatively less common than ransomware, illegal mining had an explosive resurgence in late 2017 and early 2018.

Cybercriminals have now recognized the popularity of these exchanges and have started targeting them.

In the last six months, several malware developers seem to have drifted away from ransomware to illegally mining cryptocurrency.

According to McAfee Global Threat Intelligence, ransomware attacks declined 32 percent in the first quarter of 2018 from the fourth quarter of last year, while illegal coin mining shot up by 1,189 percent.

The ever- growing interest in illegal mining and stealing of cryptocurrencies correlates with the increased value of these currencies.

Why this Big Shift?

Ransomware, which was once the weapon of choice for many cybercriminals, now has a rival -- cryptomining.

Ransomware is a type of malware that can infect your processors and devices, can lock you out of your own systems, and then demand a ransom from you to unlock them.

The activity is continuous and involves a high risk of detection. As opposed to ransomware, illegal cryptomining attacks get away almost undetected, allowing attackers to use compromised systems to mine cryptocurrencies for as long as they desire.

These attacks are comparatively easier to deploy as opposed to ransomware

attacks. Illegal cryptomining is arguably a victimless crime - the attackers are borrowing someone else's computing power and bandwidth to mine cryptocurrency.

Settle and Steal in the background

Miners need several machines to crank through the complex algorithms that lead them to digital gold. So, instead of investing in expensive hardware, criminals have now designed malware to steal

computing power from regular users' devices.

They do this by dispensing risky mobile apps, taking advantage of faults in existing software, or even by using drive-by downloads embedded in online

ads.

Malware-infected ads, also known as "Malvertising" have developed into a popular network for distributing these "miners". A hacker simply needs to drop a cryptomining code onto your system without your knowledge through an infected link or through a file.

Make hay while the sun shines

Hackers are resourceful beings. Compared to well-established cybercriminal activities like data theft and ransomware, cryptomining is simpler, more straightforward, and less risky. All a criminal needs to do is infect loads of systems and begin monetizing the attack by illegally mining using the victim’s computing power.

There are no middlemen involved, no fraud schemes, and there are no victims who need to be provoked to pay. The anonymous nature of it has made it attractive for criminals. Thus, more cybercriminals leverage cryptomining as a profitable channel for generating illicit profits.

As the value and quantity of digital currencies have escalated, so have the risks. Crypto-related malware has spiked over the last year, breaking the top 10 most frequently found malware families.

Malware generally comes disguised as Word or Excel documents in spam emails or zipped attachments. Phony, but tempting filenames encourage victims to open these documents, leading to infection.

On any browser, both on your desktop and mobile, constantly use an adblocker - Always install an ad-blocking or anti-cryptomining extension on your web browser.

Since cryptojacking scripts are often distributed via web ads, installing an ad blocker can be effective in blocking them.

Always protect your computer with an antivirus solution- Use endpoint protection/antivirus that is capable of detecting known crypto miners.

Antivirus is one of the ‘must haves’ on endpoints to try to protect against crypto mining. If it’s known, there’s a good chance it will be detected.

Always update your software, since most cryptojacking takes place due to inefficiency related vulnerabilities.

Always use strong passwords or a secure password manager so, in the event of an attack, your personal information is not compromised.

Cryptocurrency is still a relatively new concept and citizens are just getting the grasp of it. It still has significant obstacles to overcome, before it can totally replace more established currency systems.

Some view it as a digital wallet of sorts to make payments instantly, some as a complex trading mechanism, while others see it as a remunerative stealing platform. If you feel your device is slower than usual, it could be caused by the new culprit in town.

(The writer is Managing Director, South Asia, McAfee)