Trend Micro's security researchers documented a surge in cryptojacking attacks during the first seven months of 2018, catching unauthorized mining at rates around 1000 percent above what the company o
Trend Micro's security researchers documented a surge in cryptojacking attacks during the first seven months of 2018, catching unauthorized mining at rates around 1000 percent above what the company observed in the second half of 2017. The findings appear in Trend Micro's H1 2018 report titled "Unseen Threats, Imminent Losses."
Cybercriminals have abandoned the older playbook of malware and ransomware attacks. Cryptocurrency mining appeals to attackers because the malicious code runs in the background, escaping notice from both security tools and end users. This stealth separates it from ransomware, which demands victims' attention through ransom demands.
Trend Micro's analysts described the shift in their report: "Throughout the next few months, we also saw a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining. These damaging threats — from the miners that quietly leech power from victims' devices to the dangerous vulnerabilities that leave machines open to covert attacks — split limited security resources and divide the focus of IT administrators."
When cryptojacking takes hold, the damage spreads across multiple vectors. The attack hijacks a computer's graphics processing unit rather than relying on the central processor, creating performance degradation that manifests as extreme lag and slow response times. The constant computational load generates excessive heat that degrades hardware components. Power consumption spikes. For enterprises managing large networks, these effects multiply across dozens or hundreds of infected machines.
The scale of the problem expands without pause. Trend Micro found that incidents doubled year-over-year, while the researchers identified 47 novel malware families engineered for mining operations. This proliferation demonstrates that criminals see cryptocurrency mining as a sustainable criminal enterprise, not a fleeting opportunity.
The numbers tell the story. Between January and July 2018, Trend Micro documented a 141 percent increase in unauthorized mining incidents. Attackers employed multiple vectors to distribute their code: injecting infected advertisements into websites, embedding mining scripts into AOL's advertising network, purchasing ad placements through Google's DoubleClick platform to distribute ICLoader (an adware downloader), and deploying other malware families.
Throughout 2018, cryptojacking campaigns compromised government websites and high-profile commercial platforms. Most attacks targeted Monero because of its privacy properties and trading liquidity. Monero's anonymity makes it impossible for investigators to trace stolen coins back to the perpetrators, even when criminals route their proceeds through crypto blending services that obscure transaction records before they cash out.
Enterprise security administrators should establish monitoring for telltale indicators: unexpected spikes in power consumption, irregular usage patterns that diverge from baseline operations, and suspicious network activity that falls outside normal parameters.
