Game On: IoT, Cryptocurrencies, and Other Cyber Security “Game Changers”

Welcome to Threat Intel’s #WednesdayWisdom column, which aims to help improve your cyber security knowledge and keep you informed on important developments.

Threat Intel
May 30, 2018

VPNFilter — the IoT malware that maintains a persistent presence on an infected device, even after a reboot — was one of the biggest cyber security stories of the last week. It led to the FBI asking everyone to reboot their routers so that they could determine which ones were infected by VPNFilter. Most IoT malware disappears from a device once it is rebooted, so the fact that VPNFilter maintains persistence is unusual. It will be interesting to see if this is a new trend in IoT malware — and a new challenge for security researchers.

IoT malware that can maintain persistence on devices could be a game changer if it is something we see more of, and we have seen many “game changers” in cyber security over the years. “Regular” IoT malware, which disappears on reboot, allowed for the huge DDoS attacks carried out by the Mirai botnet a couple of years ago. These caused widespread havoc, so this is an area that needs to be taken seriously by the cyber security community, companies, and individuals.

One of the biggest game changers on the cyber crime landscape recently has been the surge in the use by cyber criminals of cryptocurrency coinminers, which is something we discussed at length in Symantec’s annual security threat report. Detections of cryptocurrency coinminers jumped by an astonishing 8,500 percent between the beginning and the end of 2017.

There was a huge surge in malicious coin-mining activity at the end of 2017 and into 2018, driven by a variety of factors, including the popularity of cryptocurrencies like Monero that could be mined using “regular” computers. A primary driver was also undoubtedly the huge rise in the value of various cryptocurrencies at the end of 2017. This meant that coin mining became hugely profitable for cyber criminals, and in some ways it was an “easier” way to make money for criminals who perhaps traditionally distributed ransomware or banking Trojans. The release of the Coinhive browser coin-mining service in September made it easy for both legitimate and illegitimate users to perform browser-based coin mining, and this was the area in which we observed the greatest surge in activity. While coin mining had been around before this, it had never attracted this level of interest from cyber criminals, and this surge was a game changer in the sense that cyber criminals were taking serious interest in an area they perhaps had not considered seriously before. Whether or not this interest survives any falls in the value of cryptocurrencies like Monero, which is what was primarily being mined by browser-based miners, remains to be seen.

Of course, cryptocurrencies themselves were also a huge game changer for cyber criminals — and, hence, cyber security in general. They made life a lot easier for ransomware criminals, who for the last number of years have typically demanded payment in Bitcoin. This means the money is largely untraceable. Before the introduction of cryptocurrencies it was more difficult for cyber criminals to receive almost-untraceable payments. While prepaid electronic payment systems offered some anonymity, they were difficult to “cash-out” and involved adopting some money laundering steps. Bitcoin, the “original” cryptocurrency in many ways, has been followed by cryptocurrencies like Monero that are completely untraceable and, hence, even more attractive to cyber criminals. Also, as mentioned above, Monero can be mined on regular computers. Bitcoin requires special machines to be mined and it takes a long time, though it is still the highest valued and most widely recognized cryptocurrency.

Cryptocurrencies in many ways facilitated the huge growth we saw in ransomware in recent years, which has been a dominant feature of the cyber crime landscape for the last number of years. In 2016, there were particularly big surges in the ransomware market and, while its growth does seem to have stabilized somewhat in recent times, it is still one of the main features of the cyber crime landscape.

Of course, the issue with dubbing something a game changer is that a trend’s game-changing abilities only become apparent with the passage of time. Sometimes “experts” may dub something a game changer that turns out to just have been a flash in the pan.

There has been much talk of both cloud and AI being the next game changers in cyber security. Companies’ increasing use of the cloud naturally means it is going to become of greater interest to cyber criminals, and therefore it also needs to be a main area of focus for security researchers. AI has been touted as something that can help cyber security professionals more easily track threats and hence track down cyber criminals. However, any technology that can be used for good can also be used for evil, so cyber criminals increasingly using AI may also be something we see in the future.

The next game changer in cyber security? Really, only time will tell.

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cyber security.


Symantec’s Threat Hunter team brings you the latest threat intelligence from the IT security world.