NTT Security's threat research team identified a growing menace in the form of cryptocurrency mining malware that has infected machines over the past three years. The company monitors 40 percent of global internet traffic and has logged roughly 12,000 separate malware variants designed to hijack computing power for digital currency mining since March 2015.
Attackers distribute this malware through phishing emails, using the same methods that spread conventional threats. Once installed, the software siphons processing power from infected computers to generate cryptocurrency, directing all profits to the malware author while the machine's owner remains unaware.
A separate attack method requires no malware installation. Coinhive, a service based on JavaScript code, allows websites to embed mining functionality into their pages. When visitors load these pages, their computers contribute processing power to generate currency for the site operator. Coinhive pitched this as an alternative revenue stream for publishers seeking to avoid advertising.
Criminals have exploited this technology to conduct unauthorized mining at massive scale. NTT Security found nearly 38,000 websites running Coinhive's code.
"The use of coin miners will grow and become more advanced over time, possibly being built into other malware types such as banking Trojans, as well as ransomware," said Terrance DeJesus, a threat analyst at NTT Security. "There are serious business implications to ignoring this current threat. We are encouraging all companies to be more vigilant of cybersecurity threats to their business. There are often simple and effective ways to mitigate risks, but too often the most obvious things are overlooked."
Monero has emerged as the miners' cryptocurrency of choice. The coin obscures transaction details on its blockchain, making it impossible to trace the movement of funds or identify wallet balances. This opacity makes Monero valuable for criminals. Dark Web marketplaces use Monero widely. Hackers behind last year's WannaCry attack converted a substantial portion of their stolen cryptocurrency from Bitcoin into Monero.
The criminal association has damaged Monero's public image, but the connection demonstrates the coin's capability for maintaining anonymity. Since its launch in 2014 at $2.45 per unit, Monero's price has climbed to $333 at the time of writing, though this represents a pullback from its December peak of $494.16. The combination of privacy and financial gain has led many Monero holders to store the asset for its value rather than use it as a medium of exchange.
NTT Security recommends these steps to protect organizational infrastructure:
Perform regular vulnerability assessments to identify weaknesses. Implement multiple layers of security defense to minimize exposure. Keep systems and devices patched with the latest updates and deploy systems to detect and block intrusions. Train staff to recognize phishing campaigns, suspicious links, and unsolicited attachments. Track network activity for signs of malware and monitor mobile device security closely.