Rasomware-as-a-Service is growing while low-return, mass ransomware attacks are decreasing, according to a new report from security company McAfee Corp.
McAfee’s June 2021 threats report said that cryptocurrency-generating Coin Miner malware attacks grew by 117%, while attacks involving Mirai-based malware variants drove increases in malware targeting Internet of Things (55%) and Linux (38%) systems.
Coin Miner attacks infect compromised systems, producing cryptocurrency using those systems’ computing capacity. The advantage of such attacks for the cybercriminals is that there is no interaction between the criminal and the victim, with the latter sometimes never recognizing the compromise of the system. The only tipoff is slower performance as some of the system’s resources are now producing cryptocurrency rather than all resources being dedicated for the system owner’s use.
The Mirai-based variants are designed to take advantage of vulnerabilities in IoT devices like DVRs, webcams and internet routers. When the compromised IoT devices are connected to their botnet, they can be commandeered to participate in DDoS attacks.
As a result of the move to more complex, and, theoretically, higher payoff attacks, total attacks dropped by half in the first quarter, compared to the same period a year ago.
“Criminals will always evolve their techniques to combine whatever tools enable them to best maximize their monetary gains with the minimum of complication and risk,” said Raj Samani, McAfee fellow and chief scientist, in a prepared statement about the ransomware attacks report. “We first saw them use ransomware to extract small payments from millions of individual victims. Today, we see Ransomware-as-a-Service supporting many players in these illicit schemes holding organizations hostage and extorting massive sums for the criminals.”
Cryptocurrency shouldn’t be limited or outlawed, Samani added. “If we have learned anything from the history of cybercrime, criminals counter defenders’ efforts by simply improving their tools and techniques, sidestepping government restrictions, and always being steps ahead of defenders in doing so. If there are efforts to restrict cryptocurrencies, perpetrators will develop new methods to monetize their crimes, and they only need to be a couple steps ahead of governments to continue to profit.”
Beyond ransomware, companies also need to protect themselves against other malware and insider attacks.