Cryptomining attacks gain momentum in the Middle East

Kaspersky solutions detected 40,788 new modifications of miners. According to Kaspersky Security Network data in the Middle East, the number of attempts by attackers to run cryptominers on machines in the corporate segment increased in Q2 2022 compared to the previous quarter.

Cryptomining is a process during which users mining cryptocurrencies utilize computers, data, codes, and calculations to validate cryptocurrency transactions and earn cryptocurrency as compensation for their work. Cryptomining is highly resource-consuming and hence expensive to do, which is why cybercriminals seek access to others’ machines to conduct mining on them.

Attackers can use compromised devices to generate cryptocurrency without the device owners’ knowledge. They can steal resources, for example, by sending endpoint users a legitimate-looking email that encourages them to click on a link which runs a code that places a cryptomining script or program on the victim’s computer. Another method is to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers.

In 2019, eight separate apps that secretly mined cryptocurrency with the resources of whoever downloaded them were removed from the Microsoft Store. In 2018, cryptojacking code was discovered within the Los Angeles Times’ Homicide Report page. Also in 2018 the CoinHive miner was found to be running on YouTube Ads through Google’s DoubleClick platform.

Kaspersky data for the Middle East shows that the number of computers in the enterprise sector that were affected by cryptomining software remained almost unchanged in Q2 2022 compared to Q1, dropping by 1%. However, the number of attempts by attackers to run cryptominers in the corporate segment increased by 7% over the same period.

In the region, Saudi Arabia was one of the countries most hit by cryptominers, with the number of affected corporate computers increasing by 15% in Q2 compared to Q1, and the number of attempts to run cryptominers rocketing by 88% over the same period.

“Before, cryptomining attacks were primarily an issue for endpoints, targeting desktops and laptops, sometimes – Android smartphones. Today, cryptojacking is expanding to include servers, network, and even IoT devices. Servers are usually higher powered than ordinary PCs and allow for greater mining capacity,” comments David Emm, Principal Security Researcher at Kaspersky. “We see different levels of mining activity in different regions – this is because of different levels of cryptocurrency adoption in countries, but also because of the fluctuations of cryptocurrency exchange rates. Once crypto rises in value, the activity of attackers using miners increases.”

To protect from cryptomining attacks, Kaspersky experts recommend home and enterprise users:

  • Use reliable endpoint cybersecurity, such as Kaspersky Total Security for home users and Kaspersky Endpoint Security for Business together with Endpoint Detection and Response for enterprise users.
  • Install the latest software updates and patches for your operating system and all applications — especially web browsers.
  • Be alert to the latest cryptojacking trends: cybercriminals are constantly modifying code and coming up with new delivery methods to embed updated scripts and programs onto your computer system. Organizations could save resources by investing in a managed detection and response solution, such as Kaspersky MDR, for a team of professional cybersecurity staff to be proactive and stay on top of the latest cybersecurity threats.
  • Use industrial cybersecurity solutions to prevent cryptomining on smart manufacturing devices and IoT devices.
  • Use browser extensions designed to block cryptojacking: minerBlock, No Coin, and Anti Miner. They install as extensions in some popular browsers.
  • Disable JavaScript: when browsing online, disabling JavaScript can prevent cryptojacking code from infecting your computer.