Saturday, 22 September 2018

One Hacker Can Make $100M A Year With Evil Cryptocurrency Miners

In the online criminal underworld, a booming industry has been born, with as much as $100 million to be made per hacker. It involves breaking into people's PCs and smartphones, installing malware on the devices and then forcing them to mine Monero, a cryptocurrency that's become increasingly attractive to ne'er-do-wells of late due to its focus on protecting the identities of its owners.

On Tuesday, Cisco's Talos division detailed the extent of the problem. Such is the rise in popularity of cryptomining amongst criminals that it could overtake ransomware as their favorite way of making illicit profit, according to Talos. Why? It's partly because with newer coins like Monero, which is currently worth around $275 per token (known as an XMR), the power needed to mine a vast number of coins at speed is small when compared to the likes of Bitcoin.

Such mining relies on computing power to solve difficult mathematical problems; once they're solved, coins are unlocked. The more power hackers can steal from the PCs they compromise, the quicker they can mine coins.

According to Talos data, a typical PC can generate around $0.28 of Monero per day. Where a hacker has control of tens of thousands or even millions of PCs, the profit can be significant, up to $100 million for a single hacker crew, Cisco's security division claimed.

The data backs this up. As the report notes, just a 2,000-strong botnet can generate $568 in Monero per day or $204,400 per year. And in one real-world campaign, a hacker made $184,000, whilst another was observed with enough computing power to potentially hit $262,500 per year.

Moving on from ransomware?

Mining is easy, and once people's PCs and smartphones have been hacked (typically via spam and phishing campaigns), it doesn't require any additional action on the part of the victim, like paying a ransom, beyond opening and installing the malware that silently carries out the mining. So cryptomining makes for a quieter, simpler, more efficient crime than ransomware.

The trend away from ransomware to malicious cryptocurrency mining is something Ryan Olson, intelligence director at cybersecurity firm Palo Alto Networks, has seen in recent months too. "What we're looking at from a near and potentially long-term perspective is the value of a computer that has just a regular old CPU might be more just leaving it quietly running some cryptocurrency miner rather than infecting it with ransomware or some other software that might steal data," Olson told Forbes.

Palo Alto recently detailed an attack that infected between an estimated 15 million and 30 million PCs across southeast Asia, northern Africa and South America. Again, the hackers wanted to use the power from those compromised systems to carry out Monero mining.

Same old tactics

Though illegal cryptocurrency mining is a burgeoning market, much remains the same in the way the criminals are operating. The Talos report noted the origins of this criminal craze were on Chinese and Russian hacking forums. Indeed, the first sighting of underground individuals discussing the use of mining botnets was back in November 2016, on a Chinese site.

And they're sticking to tried and tested techniques to infect PCs. Amongst the various campaigns Cisco has seen, one was launched with infected Word documents posing as CVs. The hackers are also using exploit kits, which automatically attempt to infect PCs by running attacks against a large number of known vulnerabilities, typically from hacked websites. Palo Alto found evidence the 15 million-strong botnet was partly delivered via malicious online advertisements.

It's not just PCs that hackers are recruiting for their mining machinations. In November last year, Forbes spoke with one Russian developer who had the power to turn 100,000 Android phones into cryptocurrency miners. He believed what he was doing was not illegal, and there's some debate about whether anyone would be prosecuted for using up compute power in such a way. (Though without permission, it's illegal to access others' computers in the U.S. and could well be deemed criminal.)

For the average user, then, sensible hygiene when using the internet on a computer or smartphone is recommended. It could go some way to helping kill the criminal cryptomining bonanza.

source: forbes.com 