Crypto jacking uses a computer’s processing power for mining cryptocurrency without an owner’s knowledge or consent. According to a McAfee Labs report last December, the activity of crypto-jacking malware astonishingly grew 4,467% in 2018.
The report found that 4 million crypto jacking attacks were carried out in Q3 2018, compared to 500,000 in Q3 2017. Another study found that crypto jacking surpassed ransomware as the number one most profitable cyber crime, and that one in three organizations have fallen victim.
This article will discuss three threat vectors that are gaining traction. Make sure to consult with an established and expert managed services provider to improve the security of your company’s IT infrastructure and data.
Emerging IoT Threat
The McAfee report discusses emerging crypto mining malware threats, which now includes a sudden rise of malware targeting IoT (Internet of Things) devices. The increased use of this new breed of mining malware exploiting IoT devices exceeded 70%, while all malware activity grew by more than 200% in the last 12 months.
The increase of crypto mining malware focused on IoT devices was unexpected because of their low CPU processing power. However, cybercriminals took note of their rapid growth in number and typical weak security, and exploiting thousands of the IoT devices simultaneously results in making a supercomputer capable of massive crypto mining.
The McAfee report also discussed how crypto mining has infiltrated MacOS. Named OSX.Dummy, the new crypto jacking malware threat received widespread distribution via crypto mining chat groups. Users of Discord, Slack, and Telegram were tricked into downloading software they thought would perform repairs addressing cryptocurrency software issues. They infected their own devices with OSX.Dummy, which opens a reverse shell on the cyber criminal’s server and provides access to the victims’ compromised systems.
Perhaps the most insidious method emerging is the concealment of crypto jacking malware within legitimate software updates from major companies like Microsoft. In the case of Adobe, a Flash Player update was used to trick users into downloading crypto mining malware.
Alpha Engineering Business Support
Choosing an expert computer technology-support provider is an important decision for your business. Alpha Engineering Associates has been a trusted partner of many companies in the Washington, Baltimore and Annapolis areas since 1990. For affordable client-focused network consulting services and solutions, please call Alpha Engineering Associates today at (410) 295-9500.