Several recent studies are telling us that illicit cryptomining is becoming a very large threat. This may leave many threat watchers wondering “what happened to ransomware”? After all, 2017 was a huge year for ransomware.
But criminal hacking is a numbers game. There are a limited number of systems susceptible to a given attack. This is why malicious spam needs to be sent in such high volume. But, with ransomware, the hacker must also rely on the victim to pay the ransom. If the ransomware hits a non-critical system, the victim may choose to just reformat the machine. After WannaCry, CYR3CON observed debate within the malicious hacker community about the ransom price associated with WannaCry. This was in the context that the ransom requested was generally too low and that revenue produced by the attack did not meet expectations.
Cryptomining addresses the revenue problem for the hackers. It does not rely on someone making a payment. Rather the monetization is direct. While ransomware was the theft of money from the victim, crytomining is the theft of computational resources. The key is the conversion of those computational resources to cash.
That leads to the problem with cryptomining. The malware must go undetected longer for the hackers to collect. This is why stealthy techniques such as fileless malware are on the rise. The stealth enables the attackers to carry out the attack.
But cryptomining often relies on certain vulnerabilities such as privilege escalation to carry out the attack. In the end, even these stealth, more easy-to-monetize attacks must get on the system.