The number of malicious cryptocurrency mining attacks increased nearly 85% this year, finds the latest annual security bulletin from cyber vendor Kaspersky Lab.
That’s based on the number of attacks reported by users of Kaspersky’s own software. For the first 3 quarters of this year, 5 million users of Kaspersky security software were attacked by malicious cryptocurrency mining, up from 2.7 million users who were attacked in the first three quarters of last year. Here's the data in a graphic, courtesy of Kaspersky:
Miners infect devices mainly by duping users into installing pirated software, hacked games and unlicensed content, Kaspersky finds.
Mining, if executed properly, can be extremely difficult to detect, making it that much more dangerous. It can take some time before a user notices that their CPU is busy generating virtual coins.
“The easier it is to distribute unlicensed software, the more incidents of malicious crypto-miner activities were detected,” says Evgeny Lopatin, a Kaspersky security expert.
Monero at risk
Other key points in the Kaspersky report:
> Remember USB thumb drives? They are still a common way for cryptocurrency mining attacks to spread.
> The most common coin among all illegally mined cryptocurrencies is Monero. That’s due to its anonymous algorithm, relatively high market value, and ease of sale — it’s accepted by most crypto exchanges. An estimated $175 million worth of Monero has been mined illegally, roughly 5% of all in circulation.
> Mining activity picks up when the value of cryptocurrencies rises, and drops off when their value falls. Apparently, criminals watch the market!
> Worst countries for cryptocurrency mining attacks in 2018? They are Kazakhstan, Vietnam, Indonesia, Ukraine and Russia. At the other end of the scale, the countries suffering the fewest attacks this year were the United States, Switzerland and the U.K.
What to do?
If you or your customers use cryptocurrency, Kaspersky has some advice on how to stay safe from mining attacks:
> Keep all software up-to-date. That means always installing software updates when prompted. Even better, automate the process with tools that can detect vulnerabilities, then download and install patches.
> Don’t forget about non-PC systems such as point-of-sale terminals, queue management systems, even vending machines. They can be hijacked to mine cryptocurrency.
> Educate your customers and employees. Tell them how to watch for mining attacks, and reinforce the need to keep sensitive data protected and secure.
Here’s one more: Don’t install any pirated software!
Compared with the highly regulated world of financial services, cryptocurrency is still the wild west. Stay safe out there.