The latest Security Bulletin 2018 from Kaspersky Lab analyzes threats across the year and finds that "cybercriminals are investing resources in the development of new mining technologies." These new cryptojackers and miners are "gradually replacing ransomware Trojans."
Though Kaspersky has found that the number of general DDoS attacks has declined across the internet, the reason, according to its experts, is most likely to be "the 'reprofiling' of botnets from DDoS attacks to cryptocurrency mining."
Illegal cryptocurrency mining, says Kaspersky, has started to draw as much, or more, attention as ransomware attacks do. It also appears to be a less competitive arena than DDoS attacks. And compared to ransomware threats, cyberjackers are less likely to be reported to authorities.
It's also profitable. Though "hidden mining activity" declines when cryptocurrency prices fall, five percent of all Monero coin has reportedly been generated by illegal cryptomining malware. Monero is popular with illicit actors due to its anonymity, value, and how easy it is to sell and trade. It's estimated that illegal Monero mining has earned attackers around $175 million.
It's increasingly easy for cybercriminals to create mining malware due to the availability of "ready-to-use affiliate programs, open mining pools, and miner builders." Embedding illegal mining scripts in websites is another route followed by illicit actors. The threat is also going unnoticed, Kaspersky warns:
"It might be quite a while before the user notices that 70–80% of their CPU or graphics card power is being used to generate virtual coins."
All the while, mining malware is also becoming more sophisticated. Kaspersky Lab cites cryptomining malware "PowerGhost," which it identified in July 2018, as one threat still present to corporate networks.
According to Kaspersky, such threats are less apparent in the US, which only experiences 1.3 percent of all attacks, and some areas in Europe, where unlicensed computer software is less common. In regions where unlicensed software is prevalent, incidences of mining malware are more frequent. Vietnam accounts for 13 percent of all attacks, for example, despite cryptocurrency use being restricted in the country.