Light Dark
July 9, 2018 By David Bisson 3 min read

Crypto-mining malware activity grew significantly in the first quarter of 2018, according to new research, suggesting that threat actors are finding this tactic to be more lucrative than traditional ransomware attacks due to the increasing popularity and value of digital currencies.

But this shift doesn’t signal an end to the threat of ransomware — rather, it points to an evolution toward more targeted attacks against specific organizations and industries, such as healthcare, that are most vulnerable and store particularly valuable data.

Cybercriminals Shift Tactics Amid Cryptocurrency Gold Rush

In short, this new trend shows that cybercriminals follow the money. Amid the rising popularity of cryptocurrencies like bitcoin, Monero and Etherium, threat actors have embraced crypto-mining schemes as a way to generate illicit financial gains with the least amount of effort, in the shortest time possible — and at a relatively low risk of discovery.

According to McAfee Labs Threats Report: June 2018, researchers observed more than 2.9 million samples of crypto-mining malware in the first quarter of 2018 — a 629 percent increase from just 400,000 samples in the last quarter of 2017.

“Cybercriminals will gravitate to criminal activity that maximizes their profit,” said Steve Grobman, chief technology officer (CTO) at McAfee, in a June 2018 press release. “With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”

Troy Mursch, the security researcher behind the website Bad Packets Report, noted that the industry is seeing so many JavaScript-based crypto-miners because most modern browsers run JavaScript. This means that nearly every web user is a target of malicious crypto-jacking attacks.

Alternatively, attackers can maximize their computing power by infecting a server or other network asset with crypto-mining malware. This tactic makes enterprise networks particularly lucrative targets for crypto-jacking campaigns. Also, browser-based crypto-mining doesn’t require attackers to craft an exploit — and the action usually goes undetected so users might not know they’ve been infected for some time.

Why Ransomware Is Down but Not Out

These characteristics of crypto-mining could explain why some attackers have moved away from traditional ransomware. Victims also know when they’ve suffered a ransomware infection and can respond accordingly, which demotivates potential attackers.

But the fact that opportunistic attackers are leaving ransomware behind doesn’t mean the threat is over and done — it’s merely changing. For instance, threat intelligence provider Recorded Future noted that ransomware attack campaigns are becoming more targeted in nature. This is evident in ransomware actors’ penchant for going after healthcare, an industry in which resource deprivation can threaten people’s lives and trigger urgent responses. According to insurance company Beazley Group, healthcare targeting accounted for 45 percent of all ransomware attacks in 2017.

Attackers are also beginning to leverage the mere threat of high-profile ransomware to extract payment. Action Fraud, the U.K.’s cybercrime reporting center, detected one such scam campaign warning users that they had been infected with WannaCry. In actuality, the emails simply aimed to scare recipients into sending a bitcoin payment, limiting the necessity of even distributing malicious software to obtain its gains.

How Companies Can Defend Against Crypto-Mining Malware

Amid the growth of crypto-mining malware and the ongoing evolution of ransomware, enterprises can defend themselves against crypto-mining malware by investing in an endpoint security solution and creating a patch management program.

Because ransomware relies on suspicious emails and software vulnerabilities for distribution, users can guard against its primary attack vectors by following best security practices. Organizations can further defend themselves by regularly updating antivirus software and training employees to refrain from engaging fraudsters over email.

 |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature