Kaspersky solutions detected 40,788 new miner modifications in Q2 2022. According to Kaspersky Security Network data in the Middle East, the number of attempts by attackers to run cryptominers on corporate machines increased in Q2 2022 compared to the previous quarter.
Cryptomining is the process by which users who mine cryptocurrencies use computers, data, codes, and calculations to validate cryptocurrency transactions and earn cryptocurrency in exchange for their efforts. Cryptomining is a resource-intensive and thus costly activity, which is why cybercriminals seek access to other people’s machines in order to mine on them.
Without the device owners’ knowledge, attackers can use compromised devices to generate cryptocurrency. They can steal resources, for example, by sending legitimate-looking emails to endpoint users that encourage them to click on a link that executes code that installs a cryptomining script or program on the victim’s computer. Another method is to inject a script into a website or to deliver an ad to multiple websites. The script is automatically executed when victims visit the website or see the infected ad in their browsers. On the computers of the victims, no code is stored.
In 2019, the Microsoft Store removed eight separate apps that secretly mined cryptocurrency using the resources of whoever downloaded them. Cryptojacking code was discovered on the Los Angeles Times’ Homicide Report page in 2018. In addition, the CoinHive miner was discovered to be running on YouTube Ads via Google’s DoubleClick platform in 2018.
According to Kaspersky data for the Middle East, the number of enterprise computers affected by cryptomining software remained nearly unchanged in Q2 2022 compared to Q1, dropping by 1%. However, over the same time period, the number of attempts by attackers to run cryptominers in the corporate segment increased by 7%.
Saudi Arabia was one of the most affected countries in the region, with the number of affected corporate computers increasing by 15% in Q2 compared to Q1, and the number of attempts to run cryptominers increasing by 88% over the same period.
“Before, cryptomining attacks were primarily an issue for endpoints, targeting desktops and laptops, sometimes – Android smartphones. Today, cryptojacking is expanding to include servers, network, and even IoT devices. Servers are usually higher powered than ordinary PCs and allow for greater mining capacity,” comments David Emm, Principal Security Researcher at Kaspersky. “We see different levels of mining activity in different regions – this is because of different levels of cryptocurrency adoption in countries, but also because of the fluctuations of cryptocurrency exchange rates. Once crypto rises in value, the activity of attackers using miners increases.”
To protect from cryptomining attacks, Kaspersky experts recommend home and enterprise users:
