Kaspersky Labs has been growing in stature since its inception in 1997. The cybersecurity and anti-virus provider naturally keeps a close eye on market trends to better combat threats. In a recent blog post, the company noted a trend suggesting that botnets are being re-purposed to distribute illicit crypto mining software. The malware secretly reallocates the infected machine’s processing power to mine different cryptocurrencies.
In a Kaspersky security bulletin, Evgeny Lopatin analysed a number of interesting facts. The report stated that crypto mining attacks skyrocketed in the first quarter of the year. As the value of cryptos began to fall, these attacks also petered out. However, the data also shows that more users were infected recently, in September, than at the start of the year. Data is still being collected and research is ongoing to see whether this remains a current threat, given the massive recent drop in crypto prices.
DDoS Vs Crypto Mining
While the correlation between crypto prices and infection rates is still being worked out, according to Kaspersky there is no doubt that there has been a visible drop in distributed denial of service (DDoS) attacks. The report attributes this to cybercriminals changing tack and “reprofiling of botnets from DDoS attacks to cryptocurrency mining.”
Discussing the likelihood of re-purposed bots, Evgeny said,
“Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining. For example, the DDoS activity of the Yoyo botnet dropped dramatically, although there is no data about it being dismantled.”
The report warned that this sort of interest is more than likely to increase, because this sort of software, once distributed, is harder for both victims and security agencies to detect and track.
The Lab has identified and cataloged different types of software, most of which were found to re-configure the infected computer’s processor usage to allocate a minuscule amount to mining. Thus the attacker can use the processing power for mining and earn money with the user none the wiser.
Where Are These Attacks Happening?
The data also suggested that this type of malware was more prevalent in certain regions while mostly unsuccessful in others. For instance, developed economies with a strong framework were the least affected. Among users in the U.S.A., only 1.33 percent of the total number were affected, and the statistics were similar for people in Britain and Switzerland.
At the other end of the spectrum, countries with a developing economy and noticeably lax laws on piracy, such as Kazakhstan, Vietnam and Indonesia, were the worst affected. This is also independent of the specific crypto laws of the land.
The report stated,
“The more freely unlicensed software is distributed, the more miners there are. This is confirmed by our statistics, which indicates that miners most often land on victim computers together with pirated software.”
Thus malware distribution and growth seem to be directly linked to a region's legislative framework on pirated and illicitly distributed software.
The bulletin summed up the highlights of this year. Its investigation suggests that as the value and popularity of cryptocurrencies continue to surge, cybercriminals are also focusing their interest on developing new mining technologies, in place of ransomware Trojans.
While this illegal mining activity is tied to cryptocurrency prices, it is not dependent on factors such as domestic legislative control or the cost of electricity. These attacks are perpetrated during the download of unlicensed content or the installation of pirated software. Consequently, countries with poor regulations and a low level of overall digital literacy are the worst affected.