Crypto Mining Attacks Hit Kazakhstan, Vietnam Hardest, US Least Affected, Kaspersky Says

Kaspersky Labs published a report Wednesday that highlighted the growth of cryptocurrency mining attacks in 2018. The report also traced the methods that illegal miners employ to hack individual and corporate computers, and lists the possible reasons for the predominance of malware attacks in crypto mining industry.

A likely explanation for cybercriminals’ increased interest in crypto mining could be because the malware, once deployed, is difficult to detect or trace back, by both the victims and the police. The report further examined the reasons for the predominance of this type of malware in some regions over others and concluded that regions with a lack legislative framework on pirated and illegally distributed software were more likely to have a larger number of victims of cryptojacking.

"In Algeria and Vietnam, cryptocurrencies are either prohibited or severely restricted under domestic law. Yet Vietnam (13 percent) is third [it is actually second in the list] in the ranking of leading countries by the number of miner attacks, and Algeria (9.3 percent) is sixth. Meanwhile, Iran (7.21 percent), which is presently drafting legislation to govern cryptocurrency and developing plans to issue its own 'coins' is in seventh place," the report said, based on the statistics collected.

Users in the United States were least affected by the attacks, constituting 1.33 percent of the total number identified, followed by users in Switzerland with 1.56 percent and Britain with 1.66 percent. However, countries with relaxed piracy laws like Kazakhstan with 16.75 percentage, Vietnam and Indonesia with 12.87 percent topped the list.

“The more freely unlicensed software is distributed, the more miners there are. This is confirmed by our statistics, which indicates that miners most often land on victim computers together with pirated software,” the report said.

The most common coin, according to the report, amongst all illegally mined cryptocurrencies, is monero. This is due to its "anonymous algorithm," with relatively high market value, and ease of sale since it is accepted by most major cryptocurrency exchanges. The report cited a statistical report that said a total of $175 million has been mined illegally between June 2017 to June 2018, representing around 5 percent of all monero in circulation.

The report compared mining attacks to ransomware — programs that harness the victim’s processing power to enrich cybercriminals — and said that cryptocurrency miners similarly infect computers of unsuspecting users.

"Only in the case of miners, it might be quite a while before the user notices that 70–80 percent of their CPU or graphics card power is being used to generate virtual coins. Encrypted documents and ransomware messages are far harder to miss," the report read.

The different ways by which crypto miners gain access to users' computers and corporate machines include adware (advertising-supported software), hacked games, and other pirated content. Additionally, cybercriminals are also assisted by ready-to-use affiliate programs, open mining pools, and miner builders. The report also highlighted that miners steal computing resources through mining scripts embedded in webpages that start when users open the site in a browser.

Cryptomining hackers not only target individual computers but there is also a separate category of cybercriminals who target the servers of large companies, for which the virus deployment process is considerably more resource-intense.

While outlining the statistics of such attacks, the report said the number of users attacked by cryptocurrency miners grew dramatically in the first three months of 2018. According to Kaspersky, more users were infected in September than in January and “the threat is still current,” though it was not clear if the recent downward crypto market trend would have a corresponding impact on the number of attacks.