A short discussion about what cryptomining malware is, how it gets injected into enterprise infrastructure and what the negative ramifications are.
osterman, matchett, cryptomining, malware, phishing
We are going to talk a little bit about encryption hacking malware mostly about ransomware and some new things are coming along. And in malware having to do with trying to get into the blockchain stuff in bitcoin right. So Mike want you to tell me about this new thing that you just told me about cryptomining malware because that something I haven't really heard much about myself.
Mike Osterman: Yeah we've actually seen a lot of activity here. We saw it some toward the end of 2017, big growth in 2018, and continued big growth today where the bad guys essentially will install cryptocurrency mining malware on various endpoints. One of the issues with cryptomining as well is if it's not is damaging if you will, as ransomware, because it doesn't encrypt anything. It basically sucks up use cycles. And the problem is that the bad guys will install cryptomining softwareon email servers, web servers, even various types of endpoints. Essentially, you know, stealing use cycles. So it doesn't it doesn't steal data but it does steal electricity, it steals the ability for these servers and endpoints to actually do their job. We also see some insiders doing this as well. There was one case where somebody at a major university, an insider, had installed this on the university supercomputer basically because it had the the processing capacity to jump through a lot of these calculations very quickly. So I think we're going to see more of this.
Mike Matchett: Yeah I always wondered what at night what those supercomputers are doing and their you know, their role in the crypto algorithms for bitcoins and trying to see who can pile up the most fortune on the computer side. The guys are laughing so so to be clear when we talk about the cryptocurrency we're not talking about any faults in blockchain or bitcoin or any of those things itself. It's not like theorems at risk. What we're talking about is in order to participate in earn bitcoins you normally would run software on your machine and pay for the power the energy in the time to earn the bitcoin by crunching algorithms for them crunching the encryption. And people are putting cryptomining malware on other people's computers to steal that computer time to do the crunching for them.
Mike Osterman: Exactly.
Mike Matchett: So that's interesting. And I hadn't really thought much about that is that injection or the injection path for that you mentioned e-mail servers. That's something I can get in-browser, browsing to the wrong website, or do I actually have to open something on my on my in my email now to actively install an app? How passive can that be?
Mike Osterman: It can actually be just to use the same mechanisms as you would for any other type of malware can be drive by in a web browser or it can be you know opening an attachment clicking on a link in an email you know through phishing scheme of some sort. So really any malware distribution mechanism can be used forcryptominingmalware as well.
Mike Matchett: I think it actually might even be easier because I'm not trying to necessarily break into the data or the the underlying operating system of the computer I'm getting into. I just wanted to run some code for me.
Mike Osterman: Exactly.
Mike Matchett: And getting some getting another server to run some code for me there's lots of injection paths I could think of that would do that that don't have to go all the way into. You don't have to break the password. I could just as easily get that machine to pick it up and run it and give me the results. Right? That's a very interesting path. I'm gonna have to go look at cryptomining this weekend. Maybe there's a maybe there's a future there for coin miners anyway. So you mentioned just a little bit about ransomware. So I think we should talk about that too. Well what we're while we're on here is ransomware increasing or decreasing. You know there's a big push on ransomware a couple of years ago when people didn't know what it was to say I woke up in the morning and my drives are encrypted and I have to go pay someone to get them unencrypted. Sometimes the payments didn't work. And you know you're paid money and it's gone and you still have encrypted drives. Is that is that coming to a head or are global authorities swooping down on all these ransomware perpetrators what's happening there.
Mike Osterman: Well we saw a huge increase in ransomware in 2017 and then backed off quite a bit in 2018. We didn't see quite as many cases and it wasn't a case of it going away. It was more just sort of a leveling off. You know we still see a lot of ransomware cases. You know last April with the city of Atlanta for example a major ransomware case but we still see a lot of ransomware popping up. It's my opinion we're going to see more ransomware in 2019. And I think that's going to be sort of a low level ransomware type where they're demanding 40 50 60 dollars instead of these huge payments. You know we've seen like the hospital in L.A. a few years ago pay seventeen thousand dollars in Bitcoin. I think we're going to see a fairly low level payments it'll be almost like fine. You don't even think about it. You pay the ransomware and you're done. An important thing because bitcoin is going to rebound a little bit in value this year. I'm starting to see some some inklings of that and also we're seeing examples of this in China right now where you know for sort of cheap ransomware if you will is being distributed to a lot of individuals. I think it's going to make it onto the side of the Pacific and we're going to see more cases of that probably in the second half of the year.
Mike Matchett: Well I feel like I want to be mugged every time I go online now. Dangerous places because you know micropayments get mugged for ransomwareware on that and you have to pay another micropayment. Unleash the commoditization of ransomwareware it's kind of interesting commoditization I think. Well on that note we'll just wrap this one up.
Mike Matchett: I'm Mike Matchett with Small World Big Data.
Mike Osterman: And I'm Michael Osterman with Osterman Research.
Mike Matchett: Thanks for being here guys.