Cryptojacking Is On The Rise, Ransomware Is On The Decline

Cyber criminals are increasingly focusing on taking computing power hostage. They often steal the server capacity of large corporate networks unnoticed via trojans and use that computing power to mine crypto coins. For criminals, this form of malware is often more lucrative than ransomware, where systems, data and files are held hostage for ransom.

This is what Stefaan Hinderyckx, head of the European branch of security supplier NTT, says in an explanation of the 'Global Threat Intelligence Report 2021'.

The figures for 2020 show that 41 percent of all malware detected by NTT consisted of 'coin miners'. XMRig is the most common variant (82 percent) and is used to mine the cryptocurrency Monero.

Coin miners accounted for 74 percent of malware in Europe, the Middle East and Africa (EMEA). In the US, this category accounts for 23 percent of all malware. In the Benelux, 89 percent of the malware detected in 2020 consisted of coin miners, compared to 87 percent in Great Britain and Ireland and 65 percent in Germany.

How does crypto mining work?

In illegal crypto mining, also known as cryptojacking, the malware hides on network servers and hijacks the computing power of those devices to mine cryptocurrency (online coins). Mining is the process that systems use to confirm transactions on the blockchain. Each time a new transaction is confirmed, another block is created, and the resulting chain of blocks forms the decentralized record of those transactions, kept on other systems (the blockchain).

To mine a cryptocurrency, a computer must be connected to that currency's blockchain network and compete with thousands of other systems to earn cryptocurrency. The faster the hardware and the greater the processing power, the faster it can attempt to mine the currency and the more likely it is that more money will be made from those efforts. Cyber criminals are therefore constantly looking to hijack systems that are as powerful as possible in order to abuse the computing power of large corporate networks. NTT goes into this in more detail in a special paper.

Production sector is under attack

Looking at the different sectors, NTT sees that the financial sector, healthcare and the production sector (manufacturing) are the most under attack from cyber criminals. The figures show an increase in attacks on manufacturers. In 2019, seven percent of the attacks were aimed at that group, compared to 22 percent in 2020. The security company therefore measured three times more attacks on that sector than the year before. Ransomware in particular is very lucrative for cyber criminals, Hinderyckx points out.

According to the Belgian, the production sector is fertile soil for cyber criminals because the ICT environment and the production environment (IT and OT) have increasingly merged in recent years. 'OT (operational technology, ed.) is increasingly linked to the internet, and the many protocols in that production environment make it an ultimate "target" for criminals.'

Attackers who really want to strike are drawing the entire supply chain into their attacks because of the increased connections between manufacturers' systems and their suppliers. In this way they can paralyze both the producer and the suppliers and demand a higher ransom. As an example, the NTT CEO mentions the automotive industry, in which manufacturers always have a large number of suppliers. Criminals often penetrate deep into the supply chain through attacks on the VPN.


"Fortunately, cyber criminals are not so malicious that they frequently pounce on hospitals and corona patients."

The number of attacks also increased in healthcare, from 7 percent of all attacks in 2019 to 17 percent in 2020. Fortunately, cyber criminals are not so malicious that they frequently go after hospitals with Covid patients, according to Hinderyckx. There are some examples where this happened, however, such as in Brno, Czech Republic, where criminals tried to paralyze a corona department.

In the corona era, most of the attacks detected in healthcare targeted vaccine makers and developers. NTT saw a lot of interest among state actors in attacks on pharmaceutical companies. For example, AstraZeneca has been attacked several times. The criminals are said to be targeting clinical studies on the effectiveness of the drug and documents in which intellectual property is registered. That intellectual property would then be resold on the black market.

Fewer attacks on governments

The share of attacks on the financial sector rose from 15 to 23 percent. According to NTT, there were noticeably fewer attacks on the government. The value of files with ID and personal data, such as social security numbers in the Netherlands, has probably fallen considerably. The NTT executive also thinks that governments have improved their backups. He cynically notes that there have been so many hacks in recent years in which ID files have been looted that this may have resulted in a decrease in the price that criminals can charge for such a file.

Hinderyckx sees an important trend within ransomware. In addition to encrypting systems and data and asking for ransom, criminals are also increasingly searching that data for privacy-sensitive information. They then threaten to disclose that data if payment is not made. In doing so, they increase the pressure to get a ransom.
