It’s a crypto-minefield out there.

Buzzwords of the 21st century. They come; some go – some stay. Example of the latter: synergy. Remember that one? It used to be bandied about in practically every business presentation given some 15 years ago (apart from mine; no thank you!). And do you recall the Y2K bug? Oh my goodness – that was 18 years ago already :). That too came and went (after having turned out to be much ado about nothing). Out of those that come and stay, there’s… hmmm… leverage, wellness, proactive, paradigm… But I digress.

Back to what I want to talk about today…: specifically tech buzzwords. Which ones spring to mind? Artificial intelligence? Big data? The internet of things? Quantum computing? Or maybe the uber-buzzy cryptocurrencies and bitcoins? These are among the most popular according to Google, too, btw.

Not all buzzwords are silly/nonsense/marketing hype/investor-and-consumer deceiving… sophistry (is that a buzzword? Sure sounds it, but…:). Blockchain is one example. For example, our business incubator is nurturing several blockchain ideas that will change the world for the better in their niches.

Not just to buy Bitcoins but also to sell them

But that’s not what this post is about. Today I want to share my thoughts on the influence of cryptocurrencies on global cybersecurity and how we help users protect themselves from new threats. I’ll also fantasize a little about the future of free internet services and options for monetization of software.

Cryptocurrencies have been the lifeblood of cybercrime for several years already. Indeed, laundering loot stolen with banking Trojans and ransomware is much safer using cryptocurrencies, since they’re hard to trace. Spammers, hackers, chancers and other cybercriminals are raking in enormous sums from their victims. Specialized botnets stealthily employ (half a million!) home computers; smartphones; or servers, and infiltrate supply chains and business software. Last year web mining skyrocketed – scripts that allow to unnoticeably mine cryptocurrencies via a browser when it visits certain websites. Ok, I think you get the picture: the diagnosis is rather alarming; but the prognosis looks even worse. Cybercrime has found in cryptocurrencies a second wind – inspiration for new methods of bad-old robbing folk.

Not that we’re sitting on our hands while all this is going on: we detect and clean up all this crypto-maliciousness. Last year our products prevented 70 million attempts to launch web miners, and protected some 10 million users form various types of mining attacks.

So yes, these days you really do have to watch out for miners, extortionists, spammers and other newly-minted cyberbaddies – not let them swindle you; and that includes by using good protection. We’re closely following the developing situation and are developing new technologies so that users can sleep soundly.

So what does the future hold? How will the cyberthreat landscape change under the influence of cryptocurrencies? How will cryptominers develop, and how will they affect the IT industry.

First (and we’ve already been witnessing this), the cybercrims’ focus will move away from blatant, harsh attacks on users like hacking online banking or encrypting data and then seeking a ransom. Such methods are rather difficult, dangerous, and actually not that effective. Victims get understandably riled, call the police, and experts find a vulnerability in the crypto-algorithm and write a decryptor. In any case an attack is quickly discovered, and there’s no guarantee it brings sufficient profit. All of that means that the cyber-scum will switch to less risky strategies – to mine home computers on the quiet to guarantee slower – but much safer – criminal incomes. Example: The Smominru botnet earned ~$3 million in eight months for its operators.

Second (and this looks to be the most unpleasant thing on the horizon), miners will for sure start to look beyond mere home computers, corporate servers and malicious scripts on websites. Not that they need look far – there’s the whole vulnerable internet of things for them to feast on: IP cameras, smart-homes, fridges, vacuum cleaners, coffee machines and the rest. They’re much easier to recruit into botnets because their security is often frightfully lame as it’s a mere afterthought in the ever-rushed design-to-market race (they also get updated slower generally). And many users still haven’t cracked decent hygiene for the internet of things since there aren’t any special security solutions for it. The Mirai and BrickerBot botnets demonstrated this perfectly: so-called ‘smart’ devices are easy prey since users don’t think about their security.

Third, miners are starting a process of legalization – they’ll creep into both the gray and white zones. In the small print in the licensing agreement (or in a pop-up in the interface), the product will inform the user that it will take a small bite of processor power as payment. Software, hardware, web services, media content – practically everything on the internet can be monetized through the use of mining. The bizarre bit is that everyone will be on for it: users get what they think are ‘free’ products, while the manufacturers just keep counting the money. And should computers be slowed down, it’ll be easy to keep on blaming Windows or the antivirus :).

In closing, I’ll first answer the inevitable question from some of you: No, we aren’t planning on adding miners to our free products (including Kaspersky FREE) – or our paid-for products: none of them! We’re just gonna keep on protecting you, no matter what, as we’ve always done.

READ COMMENTS 5
Comments 5 Leave a note

    Muhammad Ali

    Thank you very much Mr. Eugene Kaspersky for your post. Your post as after reading it gave me lots of answers, and perhaps including to what I asked to you before. I understand the message you gave in between the lines.

    Muhammad Ali

    Thank you very much. We have no worries since you are protecting us. It is really a great work. Always keep protect us like before and now :)

    Norman Hirsch

    coincidentally Electroneum announced today their Android mobile app will mine their Electroneum (ETH) coin in the background.

    Muhammad Ali

    I appreciate your work very much. Well done.

    Jonathan

    Thank you for being one step ahead of cryptomining malware. I was once browsing USA Today’s website and KAV 2018’s Web Anti-Virus component detected a mining script. I decided to look it up myself by hitting F12 Developer tools and I found the offending script.

    It seems that cybercrooks have found ransomware to get less and less lucrative so they hone their focus on mining scripts. I hope Kaspersky AV has taken the consideration of a scenario when a cryptomining script has implemented “pulse width modification” where it will sleep at some time to evade detection and not raise CPU usage that much to not raise suspicion as most known cryptomining scripts rely on raising CPU usage immediately.

Leave a note