Cyber-criminals are increasingly turning to stealthy crypto-mining malware to generate revenue rather than ransomware, according to a new Cisco Talos report.
The security vendor claimed that while ransomware has made its authors healthy sums in the past, it is now very much in the sights of law enforcement and security vendors, which are increasingly able to block the malware.
“There are a couple of limitations with the use of ransomware. First is the fact that only a small percentage of infected users will actually pay the ransom demanded by the attacker,” the report claimed. “Second, as systems and technology get better at detecting and blocking ransomware attacks the pool of possible victims is changing. Potential victims in many countries lack the financial capabilities to pay $300-$500 to retrieve their data.”
There’s also the time and effort necessary to interact with the victim and the “extraneous law enforcement attention that comes with ransomware attacks,” Cisco argued.
Crypto-currency mining, on the other hand, requires a zero-touch approach once the victim is covertly infected with the mining malware. IoT devices in particular offer a relatively unprotected target without direct victim oversight: minimal effort, maximum reward.
“To put the financial gains in perspective, an average system would likely generate about $0.25 of Monero per day, meaning that an adversary who has enlisted 2,000 victims (not a hard feat), could generate $500 per day or $182,500 per year,” explained the vendor.
“Talos has observed botnets consisting of millions of infected systems, which using our previous logic means that these systems could be leveraged to generate more than $100 million per year theoretically.”
Organizations should act now by updating their security policy to set out how the use of miners on enterprise systems should be handled, as miners may not be classified as malware.
For those that want to block miners, the primary vectors are spam, exploit kits, and direct system exploitation, the firm warned.