Intelligent CIO Europe Issue 08 | Page 98


Gadi Naveh, Threat Prevention Evangelist at Check Point
I will first explain the changes in cyberattacks that preceded cryptomining malware, how they evolved to the present-day threat and highlight crypto projects that will lead to the next phases of this trend.
Mining money on every attack
An attacker is always aware of the amount of revenue their malware can make and will quickly adapt their technique to deliver the best possible ROI. Most attacks are linked together in a funnel, in which each step needs to pay the previous level for the ‘leads’ it provides. The usual funnel will be:
Targets > delivery > infection > monetisation
Each step has a success ratio, such as the percentage of spam emails that bypass spam filters, or the percentage of successful exploits (that is, the infection rate) or the rate of click-through on infected files.
The monetisation step has its success rate as well. To earn from an infection, the identity of the target needs to match your attack profile. Think of phishing sites or banking Trojans: the infected user needs to be doing online banking with one of the banks on your supported list, which reduces the number of infected users you can cash in on.
The first malware evolution to use crypto coins for the revenue stream was ransomware. Ransomware doesn’t need to adapt to a specific bank. Every target is vulnerable to ransomware, as every machine and user has files of value, which the user will be incentivised to pay a ransom in order to retrieve. Unfortunately for the attacker, the ransom pay-out rate is under 1% of all infections. This was witnessed in the WannaCry campaign and in our analysis of the Cerber Ransomware-as-a-Service (RaaS) campaign.
Cryptomining solves this problem of low returns (and of course, relatively high-risk) as now there is no need to steal a user’s online banking balance or extort them into paying up. Every mining bot added to your network of miners immediately shares its calculation power with a mining pool and generates revenue for the attacker – in many cases