Among cybercriminals, ransomware is out and cryptomining is in.
So argued Craig Williams, director of outreach for Talos, Cisco’s cybersecurity threat intelligence network, in an interview this week at Cisco Live 2018 in Orlando, Fla. With the exception of healthcare and government organizations, which “still pay the ransom way too much,” Williams said most bad actors are finding cryptomining to be a safer and more profitable business model. At least for now.
“The reason they choose cryptomining is that it generates constant profit, it never goes away, and they’re never going to get caught doing it,” he said.
Cryptomining is the process of creating new cryptocurrency by solving highly complex mathematical equations. The act itself is not illegal. But because cryptomining at scale requires enormous computing power, hackers hijack unmonitored computer resources from small businesses, enterprise networks, home computers and even personal electronics like cable television boxes. They turn those resources toward mining cryptocurrencies, especially newer currencies like Monero, which are more amenable to their purposes.
“What these bad guys will do is they’ll get 10,000 to 20,000 machines mining Monero and they’ll make about 25 cents a day per computer,” Williams said. “When you make that network big enough and rely on the fact that it’s never going to be cut off and you’re never going to be caught, all of a sudden that’s a pretty cushy life.”
Malicious Cryptominers Step Lightly in Hijacked Networks
The hackers are careful. They do their malicious cryptomining at no more than 60 percent process capacity and restrict themselves to off hours. As a result, an increase in the electricity bill might be the only sign the average business has of a strain on its network. Even if such an intrusion is discovered, it’s unlikely that authorities will expend resources on it, Williams said. “The FBI will say, ‘We have real crimes to solve.’”
So hackers may have found something close to the perfect crime: profitable, fairly easy to do and nearly undetectable. Consequently, the scale of malicious cryptomining is “massive,” Williams said. In a report on the subject earlier this year, Talos identified millions of infected systems, and it noted that a hacker could generate an income of more than $180,000 by hijacking just 2,000 machines.
Yet the rise of malicious cryptomining is, in some ways, a relief for security experts like Williams, who noted that damage done to victims by the hijackers is, by design, minor to nonexistent. And it’s good news, really, that many of the world’s smartest cybercriminals have turned to a more benign, if still illegal, way of earning money. A slightly higher electric bill beats a ransomware incident that could wipe out an entire company.
On the other hand, Williams said, “The big bad news here is that these bad guys are going to have a lot more money, and they’re going to use it to fund new developers for more insidious types of malware. But in the meantime, our critical infrastructure is at less risk.”