Microsoft Labels Malicious Crypto Mining an ‘Increasing Threat’ as Ransomware Attacks Drop
Microsoft has released a blog post discussing the emerging threat of malicious cryptocurrency miners.
The post from the Windows Defender Research blog noted that the number of enterprise computers encountering unauthorized coin miners doubled from December to January 2018. Microsoft suggest that the reason for this rise is that cyber criminals are moving to this form of attack due to the exponential increase in cryptocurrency valuations. Along the way attackers are ditching ransom and other attacks, which have seen a marked fall.
According to Microsoft, malicious coin mining can come in various forms and can be distributed in many different ways. The largest increase has been in so-called cryptojacking, browser-based coin miners that use background resources to mine when a user visits their URL. However, attackers can also infect computers with unwanted applications, with some able to modify startup settings so that they run every time the infected device is booted.
The post notes that the main issue associated with this form of malicious attack is the loss of computer resources, as coin mining can be a highly intensive process. Corporate networks can see a huge drain on their available resources, although Windows 10 Enterprise customers reportedly benefit from Advanced Threat Prevention -a wider set of security features to tackle malicious attacks.
Whilst Microsoft has noted successes, for example blocking a major attack earlier this month, the blog post outlines the complexity of analyzing whether a miner is a malicious attacker, as many users use the same or similar programs for personal mining purposes.
Microsoft aren’t alone in observing an increasing amount of malicious mining attacks. An investigation by The Citizen Lab last week discovered nationwide attacks in both Egypt and Turkey, with the attackers injecting malicious mining code over non-secured browsing connections. Alongside this development, a report from October last year observed that over 1.5 million devices had been affected at the time. Researchers were in agreement with Micorsoft regarding the causation, citing rising cryptocurrency prices as a driving factor. Popular minable currency Monero, for example, increased from $20 to an all time high of $470 over the course of 2017.
In order to stay protected Microsoft advise security operations personnel to use advanced behavioral and machine learning detection libraries in Windows Defender ATP to identify and eliminate potential threats. Regular users are advised that using Edge for browsing will provide ‘Microsoft-verified security’, and warned to be cautious of third-party applications.
Featured image from Shutterstock.