Cryptominers Leveraging IoT Devices — McAfee – Technologist
Cryptocurrency mining, or cryptomining, which Webopedia defines as a process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger, has attracted cybercriminals.
A recent report from McAfee revealed that among the threat activities recorded in the third quarter of 2018 involves cryptomining and the internet of things (IoT).
During the period, McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices.
The report noted that IoT devices such as cameras or video recorders have not typically been used for cryptomining because they lack the CPU power of desktop and laptop computers.
“However, cybercriminals have taken notice of the growing volume and lax security of many IoT devices and have begun to focus on them, harnessing thousands of devices to create a mining super-computer,” the report revealed.
McAfee said new malware targeting IoT devices grew 72 percent, with total malware growing 203 percent in the last four quarters. New coinmining malware, on the other hand, grew nearly 55 percent, with total malware growing 4,467 percent in the last four quarters.
Cryptomining malware has also increased 71 percent as miners leverage lax security and the volume of IoT devices.
Threats to IoT target a variety of hardware, including IP cameras, home routers, and smart devices. These threats generally affect Linux-based systems, according to McAfee.
“We would not usually think of using routers or IoT devices such as IP cameras or video recorders as cryptominers because their CPUs are not as powerful as those in desktop and laptop computers. However, due to the lack of proper security controls, cybercriminals can benefit from volume over CPU speed. If they can control thousands of devices that mine for a long time, they can still make money,” the report read.
McAfee Labs, however, noted fewer security incidents in Q3, reporting only 215 publicly disclosed security incidents, a decrease of 12 percent from Q2. Forty-four percent of all publicly disclosed security incidents took place in the Americas, followed by 17 percent in Europe and 13 percent in Asia-Pacific.
Incidents targeting financial institutions rose 20 percent, as McAfee researchers observed an increase in spam campaigns leveraging uncommon file types, an effort to increase chances of evading basic email protections.
Disclosed incidents targeting health care remained stagnant, while the public sector decreased 2 percent, and education sector decreased 14 percent.