Consumer Cybersecurity: Watch for Miners

Consumers are facing cybersecurity threats on virtually every possible endpoint. However, it’s difficult to tell which approaches are used by hackers to lure consumers into a cyber trap. The State of Consumer Cybersecurity 2022 details the top cybersecurity threats that consumers faced in 2021. Condcuted by ReasonLabs, the report found that Trojan viruses were the most prevalent, with Adware and Miners rounding out the top three. Threats coming from phishing documents related to COVID-19 still found their way to users in 2021, most of them occurring in Microsoft Office documents with macros. We spoke with Andrew Newman, CTO and Founder of ReasonLabs.

Cyber Protection Magazine: Andrew, your company ReasonLabs just published a new report, The State of Consumer Cybersecurity 2022. Can you shortly explain what the objective of that report was and the most important findings?

Andrew Newman: The main objective of the report is to shed light on the biggest threats affecting consumers in the world of cybersecurity today. Compared to enterprises, consumers are often far less secure and have fewer resources at their disposal. If consumers are more aware of existing advanced threats, they’ll be more proactive in seeking out next-generation antivirus solutions such as RAV Antivirus. It’s vital that consumers take cybersecurity seriously and educate themselves on common threats, attack vectors, and what they can do to avoid suffering a cyber attack. 

There are many key findings in the report that I believe show why consumers must make cybersecurity a priority in today’s connected age. A few examples include:

  • The prevalence of cryptojackers – over 60% of all Trojans detected last year were miners. Miners can directly affect consumers by causing their electric bills to skyrocket.
  • Infostealers played a major role in 2021 and even 2FA/MFA is not enough to protect against some advanced infostealers.
  • Phishing via Documents and email is still an extremely popular way of delivering malware to unsuspecting consumers. People must be made aware of common phishing tactics to avoid.
  • 2022 has only just begun but we have already witnessed recurring and novel threats. We predict more targeting of unsecured consumers such as tweens and teens, who are highly connected. 

Cyber Protection Magazine: One of the main findings was that Living off the Land (LOL) attacks are on the rise. What are those LOL attacks, how do they work, and why are they particularly dangerous to consumers?

Andrew Newman: Living off the Land (LOL) has been a growing category for a couple of years now for a few reasons. Malware adversaries want to stay undetected for as long as possible. General threats produce different IOCs once they run on the machine, and those IOCs are used to mark them once researchers and AV companies find them. LOLs use techniques that do not generally produce new and unique IOCs – for example, they avoid creating files and instead use programs that already exist on the machine and are generally trusted and signed files, such as PowerShell or WMI. They use these programs to add exceptions to the local firewall, add exclusions to Windows Defender, add persistence mechanisms, alter shortcuts, can download and extract payloads, and so forth. In the past year, we’ve witnessed a steady rise in the number of detections related to LOLBins (Living off the Land Binaries).

Cyber Protection Magazine: Another interesting result was the high percentage of crypto miners. Since that particular malware doesn’t necessarily do any damage to the consumer but can run in the background, is it harder to detect? Also, mining cryptocurrency as a consumer seems not to be a profitable business anymore – if criminals take over consumers’ machines, how many would they need to actually be profitable?

Related:   Cheat Sheet: What is a "DNS" and why should I care?

Andrew Newman: Miners might not produce much hardware damage to the naked eye, but it can damage a consumer’s pockets – the direct effect of coin mining or cryptojacking can be seen in a users’ electricity bill because the affected device(s) will be drawing much more power than normal. Miners are typically harder to detect by the end user since they often run silently in the background. However, most next-generation antivirus solutions such as RAV Antivirus will be able to detect most miners. 

Andrew Newman, CTO and Founder of ReasonLabs

While home consumers might not have enough computing resources by themselves to produce any meaningful profit, criminals on the other hand rely on the number of victims to make their endeavors profitable. While a home consumer could generate say $100 per month mining but only net $5 after electricity consumption, a criminal could net the full $100, and depending on the size of their compromised victims, if it is in the tens of thousands that $100 per user certainly adds up.

Cyber Protection Magazine: The detection rate per user was considerably higher in Russia than in any other country. Do you have any explanation why that would be the case?

Andrew Newman: Malware doesn’t discriminate between end-users – no matter who they are or where in the world they might be. Zero-day exploits and advanced threats such as coin miners or Trojans are distributed all over the world and there are very few countries that are left unaffected. As shown in the report, we see that Russia has suffered many more Macro and Trojan threats, as opposed to, for example, PUP incidents in the US. 

One reason for this might be because our detected data shows that many users in  Russia run cracked software and often cracked software is laced with various forms of malware. Ultimately, the differences noted between Russia and the U.S., or any countries or regions, can be explained by raised awareness, economics, and needs. 

Cyber Protection Magazine: What are the conclusions you draw from this report and how can consumers best protect themselves?

Andrew Newman: With 2021 being the first full year of our COVID-19 ‘new normal’, consumers around the world have only just begun to adjust to being connected virtually 24/7. With people spending more time online, education around the different types of commonly found cyber threats and overall best cybersecurity practices are paramount. 

There will always be some basic ways in which consumers can protect themselves, as well as more technical ways to pre-empt threats. There are certain products available for consumers such as next-generation antivirus solutions like RAV Antivirus, virtual private networks such as RAV VPN, and domain name systems like RAV Saferweb. They are all highly recommended components in order to fully protect a consumer’s endpoints – whether it be a laptop, desktop, tablet, or other handheld devices.

Leave a Reply

Your email address will not be published. Required fields are marked *