With over 400 million users and around 300 thousand corporate accounts, Kaspersky Lab knows a thing or two about cybersecurity. Over their 20 years in operation, they’ve been recognized as experts in the fight against cybercrime and malware. They’ve also racked up awards from the likes of PC Magazine and AV-Test. Their latest findings on cybercrime and cryptocurrency are a little bit scary.
Cryptojacking Is Spreading like Wildfire
We reported a while back that cryptocurrency mining botnets are becoming an epidemic. Now, according to Kaspersky Lab, cryptojacking continues to spread like wildfire, and most antivirus software isn’t enough to protect your device. One report revealed that Ransomware attacks have dwindled by almost 50 percent. Great news, except that cryptocurrency mining malware is ramping up several gears.
By comparing data from 2016, 2017, and the first quarter of 2018, Kaspersky found that as ransomware declined by 44.6 percent, crypto mining malware soared by 44.5 percent. The reason? Cryptojacking is a less invasive and potentially more profitable way of making money.
Moreover, in 2016, they discovered some 1.87 million illicit mining attacks compared to over 2.7 million by the end of last year. And the numbers continue to grow, particularly since mobile miners are now advancing on the scene. Although, the report recognizes that currently, mobile mining is not as profitable as mining on a PC. Should cybercriminals find a way of increasing its effectiveness, incidents of mobile mining will potentially explode.
The Rise of Illicit Mobile Mining
Ransomware attacks are on the decline due to the fact that they are unsustainable. They provide the attacker with a one-off, one-time payout. While this may be higher than profits made through illicit crypto mining, cryptojacking is longer lasting. In fact, you could easily be cryptojacked without even knowing it. The only trigger would be a slowdown in the performance of your device or a large power bill at the end of the month.
According to Kaspersky Lab, miners will keep on spreading, and the geography and device are essentially indiscriminate. However, since India and China account for around one-third of all smartphones in the world, these countries are likely to be particularly vulnerable when mobile mining takes off in full force.
Anyone for Phishing?
In a further report released this month, Kaspersky Lab found that in addition to cryptojacking, by the end of Q2 of this year, $2.3 million in cryptocurrency had already been stolen through phishing attacks on ICOs. ICOs are a particular target since they are easy prey for hackers. Oftentimes, the fake phishing website is live online before the official project site.
Using social engineering tactics (basically, finding out as much as possible about people and their habits online) hackers can gather enough information to hack into accounts and create parallel sites and phishing emails. Their main target is investors who are looking to get in early on projects and will head to the hoax website first.
Phishing emails are also becoming more sophisticated. All hackers have to do is paste their own Ethereum address in place of the project’s one. So while Monero may be the biggest protagonist in cryptojacking, Ethereum takes the prize for phishing attacks. That’s because many new projects are run on the Ethereum blockchain and receive the funds in Ether.
While fake websites and emails may be the most popular vector for phishing attacks, it’s not uncommon for hackers to use social media or messaging apps like Skype or WhatsApp.
Part of the reason that ICOs are such an easy target is that promoting your ICO also means holding up a huge banner to cybercriminals. You’re basically letting them know you’ll be receiving huge sums of cryptocurrency and when it will take place.
Cast your mind back to the long-awaited Telegram ICO that spurned multiple fake websites and other inventive phishing tactics. By the time the pre-sale had finished, phishing websites had already made sums almost equivalent to the ICO itself.
They Don’t Call It the Wild West for Nothing
If scams and wallet hacks weren’t enough to contend with, you need to be on the lookout for cryptojacking and phishing as well. In some cases, particularly with cryptojacking, you may be unable to prevent becoming a victim. However, you can take certain precautions against both of these types of cybercrimes to stay one step ahead.
Running an anti-phishing software like Kaspersky Lab is a good start (they claim to have thwarted almost 60,000 phishing attempts this year). But that may not be enough. So exercise extra caution when transferring cryptocurrency to anyone. Just because a site starts with HTTPS does not necessarily mean that it is safe. Kaspersky Lab found that HTTPS sites can also contain malicious phishing pages.
Watch out for pop-ups, try running an adblocker to avoid downloading crypto mining malware from a malicious advert, and always go straight to the URL, never click a link from an email. Avoid downloading free content management software, as this is proving a popular vector when it comes to mining botnets.
While you can try installing a plugin for your browser such as Chrome’s NoCoin, according to research by the RWTH Aachen University in Germany, NoCoin is not effective enough at detecting mining botnets. In fact, as much as 82 percent of crypto mining websites go undetected.
If your mother ever told you to look twice before crossing the street or not to talk to strangers, apply the same basic caution online. Always double check websites and emails and don’t overshare. While most people aren’t planning on using your data against you, there’s a rising army of cybercrooks just waiting behind the scenes.
ABOUT THE AUTHOR
More on this topic: Kaspersky Admits To Reaping Hacking Tools From NSA