Stats show that crypto mining is becoming a major concern

Mar 14, 2018 10:32 GMT

New research published by Microsoft shows that cryptocurrency mining is gradually replacing other types of malware attacks, such as ransomware, especially following the boost in value that Bitcoin recorded last year.

Microsoft says it used Windows Defender Advanced Threat Protection (ATP) to collect information on malicious coin mining attempts, such as Trojanized miners and mining scripts hosted on websites, and it discovered that every month between September 2017 and January 2018, an average of 640,000 systems were compromised.

The company goes on to explain that crypto mining is becoming a trend because cybercriminals can earn money faster than with other attacks such as ransomware, where victims need to be convinced to pay for a decryption key.

“Are these two trends related? Are cybercriminals shifting their focus to cryptocurrency miners as primary source of income? It’s not likely that cybercriminals will completely abandon ransomware operations any time soon, but the increase in trojanized cryptocurrency miners indicates that attackers are definitely exploring the possibilities of this newer method of illicitly earning money,” Microsoft says.

Windows Defender already blocking crypto miners

Microsoft explains that crypto miners are often included in exploit kits and rely on a rather complex approach to compromise a system.

One such example is DDE exploits, which themselves include malware and which are detected by Windows Defender as Trojan:Win32/Coinminer. In this case, the attack relies on a Word document that is infected with Exploit:O97M/DDEDownloader.PA and which uses a PowerShell script, itself detected as Trojan:PowerShell/Maponeir.A, to download a Monero miner.
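For defenders triaging documents for the DDE delivery described above, here is an added example (not Microsoft's or Windows Defender's detection logic) that lists DDE/DDEAUTO field instructions in a .docx, including ones split across several runs. The function names, `example_app` and the sample document are constructed for illustration.

```python
import html
import io
import re
import zipfile

# Field instructions sit in <w:instrText> runs between fldChar begin/end, or in <w:fldSimple w:instr="...">.
TOKEN = re.compile(
    r'<w:fldChar\b[^>]*w:fldCharType="(begin|separate|end)"[^>]*>'
    r'|<w:instrText\b[^>]*>(.*?)</w:instrText>'
    r'|<w:fldSimple\b[^>]*\bw:instr="([^"]*)"', re.S)
DDE_FIELD = re.compile(r"^\s*DDE(AUTO)?\b", re.I)

def field_instructions(xml):
    """Yield each field's instruction text, joining pieces split across runs."""
    stack = []  # one list of text pieces per open (possibly nested) field
    for m in TOKEN.finditer(xml):
        kind, text, simple = m.groups()
        if simple is not None:
            yield html.unescape(simple)
        elif kind == "begin":
            stack.append([])
        elif kind == "end" and stack:
            yield html.unescape("".join(stack.pop()))
        elif text is not None and stack:
            stack[-1].append(text)

def scan_docx(data):
    """Return (part, instruction) for every DDE/DDEAUTO field in .docx bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.startswith("word/") and name.endswith(".xml"):
                xml = z.read(name).decode("utf-8", "replace")
                hits += [(name, " ".join(i.split()))
                         for i in field_instructions(xml) if DDE_FIELD.match(i)]
    return hits

def build_sample(body):  # constructed minimal ZIP, not a full .docx
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document>" + body + "</w:document>")
    return buf.getvalue()

# Constructed sample: a DDEAUTO field whose keyword is split over two runs.
BEGIN, END = ('<w:r><w:fldChar w:fldCharType="%s"/></w:r>' % t for t in ("begin", "end"))
SPLIT_DDE = (BEGIN + '<w:r><w:instrText xml:space="preserve"> DDE</w:instrText></w:r>'
             '<w:r><w:instrText>AUTO example_app &quot;example_topic&quot;</w:instrText></w:r>' + END)

if __name__ == "__main__":
    print(scan_docx(build_sample(SPLIT_DDE)))
```

This covers OOXML (.docx) parts only; legacy binary .doc files and other Office formats need a different parser.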

Windows Defender has already been updated to block miners, and the software giant recommends relying on additional solutions to prevent such attacks in the enterprise, including turning to Windows 10 S where Trojanized miners can’t reach systems. Windows 10 S is restricted to the Microsoft Store, so Win32 software can’t be installed, while the only browser available is Microsoft Edge.
