- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Type of Threat or Opportunity >
- Trend snippet: 2021 Trends in Cryptojacking
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
2021 Trends in Cryptojacking
Since 2019, we have witnessed a steady decline in drive-by cryptominers, the dominant type for the past few years. The decline, which is aligned to the diminishing value of drive-by mining profitability, was hastened by the shutdown of Coinhive in March 2019 and JSECoin in April 2020, as described in last year’s ETL report. However, attackers have moved on to other types of malicious activities when it comes to cryptojacking/cryptomining, with Cisco reporting that 69% of its customers had been affected by cryptomining malware in 2020. According to the same report, cryptomining generated the most DNS traffic out of any other malicious activity.
In March of 2020, a spike in infections was seen, after which the infection rate dropped dramatically. From the second to the last quarter of 2020, the volume of infections increased slowly and this continued in 2021. In the first quarter of 2021, the volume of infections attained a record high compared to the last few years. Other statistics confirm this trend, showing that during the first quarter of 2021, cryptomining malware increased by 117%. This last report links this increase to the growth in 64-bit mining applications. We can conclude that financial gain associated with cryptojacking incentivised the associated threat actors to carry out these attacks. Based on the fluctuating value of cryptocurrency, we assume this will remain an important attack vector over the coming year.
When comparing the exchange rate of Bitcoin with the volume of cryptominers, we clearly see how both are related. As mentioned in the ETL 2021 Ransomware report, threat actors are shifting from Bitcoin, which provides pseudo- anonymity, to using strongly private cryptocurrency such as Monero. Europol reports that cryptocurrencies continue to facilitate payments for various forms of cybercrime, as developments evolve with respect to privacy oriented crypto coins and services.
The following mitigation vectors were mentioned regarding cryptomining related attacks and incidents in the reported period:
-
Monitor battery usage on users’ devices and, in the case of suspicious spikes in CPU usage, scan for the presence of file-based miners.
-
Implement web filtering of common cryptomining protocols, as well as blacklisting the IP addresses and domains of popular cryptomining IP pools.
-
Monitor for network anomalies and block mining protocols.
-
Install endpoint protection by means of anti-virus programs or crypto-miner blocking browser plug-ins.
-
Conduct regular security audits to detect network anomalies.
-
Implement robust vulnerability and patch management to protect against emerging threats and
vulnerabilities.
-
Implement patches and fixes against well-known exploits.
-
Use whitelisting to prevent unknown executables from being executed at the endpoints.
-
Use allow-listing to allow only the execution of known executables on the endpoints.
-
Monitor and block common cryptomining executables.
-
Invest in raising users’ awareness of cryptojacking, especially with regard to secure browsing behaviour.
-
Discuss crypto mining in the context of security awareness training.