Malware motivation: what do attackers want with your devices?


There’s a certain immunity from hackers and other cyber attackers that people might think they have, simply because their computers and other devices are, well, boring. You might think that if you don’t have state secrets or payment card information or revealing pictures stored in obvious places on your laptop or tablet, you have nothing that would interest anyone with malicious intent.

However, what anyone with an internet-connected device needs to know is that for the most part, attackers are trying to make money, and they can do exactly that with your internet-connected device. Forget your Etsy password, they’ve got bigger fish to fry – and they’re doing it with your computer.

Botnet building

There’s a reason DDoS protection has shot to the top of the must-have security solution list for websites and businesses of all sizes. According to a survey from the Hartford Steam Boiler Inspection and Insurance Company released in the fall of 2017, over one-third of businesses in the United States experienced a distributed denial of service attack in the past year. This is the cyber equivalent of attackers bolting the doors shut on one-third of all brick-and-mortar stores at some point over the course of a year.

Attackers are able to deny the services of a website to its users or customers through the use of a botnet. A botnet is a network of devices that attackers have infected with malware in order to allow them to control those devices en masse. Using the large amount of traffic or requests that can be generated all at once with this collection of devices, the person controlling the botnet can overwhelm a target website and keep it from being accessed by legitimate users.

DDoS attacks are potential money-makers for the attackers behind botnets in two ways. Professional attackers can use powerful botnets for targeted attacks on high-value victims in competitive industries, like online gambling or online gaming websites, collecting paychecks from the competitors willing to stoop to cyberattack levels. More frequently, botnets are used in DDoS-for-hire services, which allow the average person to pay a fee in order to aim the botnet at their chosen target simply by pasting in a URL.

Either way, attackers have been making bank off DDoS botnets for years, and they’re doing so by indiscriminately infecting computers and other devices with malware – all without device owners ever knowing. Recently, attackers have found a new way to make money from infected devices, and it isn’t quite as sneaky.

Working in the (crypto)mines

A major part of cryptocurrency transactions on blockchain technology is having those transactions verified by computers completing complex equations. As a reward for completing these equations and verifying transactions, the people behind the computers solving the equations receive fractions of cryptocurrency coins. This is called cryptomining, or cryptocoin mining.

With cryptomining, the more computing resources a person can devote to verifying transactions, the more digital money he or she can make. You can probably see where this is going by now, but the newest trend in remotely controlling devices involves cryptomining malware.

Up until recently, if attackers were attempting a remote code execution attack on your computer, it was probably to try and get your computer to download malware that would allow it to be controlled in a DDoS botnet. With cryptocurrency being the hot new trend, the numbers have swung wildly, and 88% of remote code execution attacks are now related to cryptomining malware that would allow your computing resources to be devoted to verifying cryptocurrency transactions so attackers can rack up those coins.

Unlike with DDoS botnets, you’re likely to know your device has been overtaken by cryptomining malware because nearly all of its computing power will be devoted to verifying transactions, leaving you unable to do anything else with your device.

Preventing device takeover

Stopping remote code execution attacks is a war that needs to be fought on multiple fronts. A lot of malware is able to gain a foothold on devices by first infecting vulnerable web application servers and then infecting devices that access those web applications. Web application servers always need to be kept fully patched with the latest security updates. A web application firewall (WAF) should be considered, as it can provide virtual patching that protects against zero-day vulnerabilities and pick up any slack if available patches aren’t applied in a timely manner.

In order to protect their own devices, users need to be wary about which web applications they use. Further, a device’s operating system and browser should always be fully updated and patched. Installing a personal firewall should also be considered, as should anti-virus or anti-malware programs. As with many security issues, keeping different sets of usernames and passwords for different web applications is helpful, as is regularly changing those passwords. As far as downloading applications goes, always download from the official App Store or Google Play Store, and inspect an app’s permissions before you download it to your device to ensure you aren’t allowing an application to do things it has no business doing.

No matter how boring your device may be, there’s always going to be someone trying to make a buck using it. Keep your internet-connected gadgets secure and support legitimate entrepreneurs instead, the kind that will sell you a product or service instead of just stealing your computing resources.