Date: 2023-12-22 | Views: 298
Startling statistics show that the cybercrime landscape is shifting, with growing attention on crypto malware.
So what exactly is crypto malware?
Crypto malware is a category of malicious software designed to hijack the processing power of a computer or device in order to mine cryptocurrency.
Crypto malware achieves this through a process known as cryptojacking.
Typically, the stolen processing power is used to mine privacy-focused cryptocurrencies such as Monero (XMR), whose advanced obfuscation features make them hard for authorities to trace.
Notably, the first publicly available cryptojacking script was released by Coinhive in 2017. It allowed website administrators to embed mining code in their sites to exploit the computing power of visitors' devices.
This marked the start of a growing trend, with crypto malware attacks surging in the years that followed.
Why are crypto malware attacks on the rise, and how are they carried out?
Current trends show hackers shifting from disruptive cyberattacks such as ransomware toward crypto malware attacks, which are regarded as more passive.
Cybersecurity experts attribute this paradigm shift to several factors.
The most significant is that cryptojacking carries relatively low risk compared with tactics such as ransomware attacks, which routinely draw the attention of law enforcement.
Moreover, the illegality of cryptocurrency mining falls into a grey area, making it easier for malicious groups to evade scrutiny.
The cost-effectiveness of crypto malware attacks is another factor pushing hacker groups to focus on stealing processing power.
Stealing processing power costs almost nothing, and the proceeds can be converted into cash easily and with minimal complexity.
This makes cryptojacking highly convenient for nefarious groups.
In addition, unlike traditional malware, cryptojacking attacks use low-level vulnerabilities that are hard to detect, such as browser vulnerabilities.
The widespread use of Internet of Things (IoT) devices is another factor behind the surge in crypto malware attacks.
Because IoT devices generally have weaker security safeguards than computers, they are easier to exploit.
This makes them prime targets for hackers.
This factor has inadvertently enlarged the attack surface for crypto malware attacks.
Crypto malware vs. ransomware
Crypto malware and ransomware are two different types of malware.
Crypto malware mines cryptocurrency on a computer without the user's consent, whereas ransomware is used by hackers to encrypt files on a computer and demand a ransom payment for decryption.
The following is an overview of their fundamental differences:
How do crypto malware attacks spread?
Over the years, black hats have devised numerous ways of compromising computing devices in order to carry out crypto malware attacks. The following is a breakdown of some of the key strategies used by hackers:
Injecting crypto-mining malware into a computer is a common tactic used by hackers to exploit the computing resources of compromised devices. In many cases, attackers install the malware on a computer by tricking victims into downloading seemingly innocuous files laden with crypto-mining malware or baiting them into clicking links that lead to malicious websites designed to deliver malware payloads.
In some cases, hacker groups spread the malware through compromised routers, further complicating detection and mitigation efforts.
Cybercriminals can unleash crypto-mining malware by planting malicious scripts in ads and websites. The scripts typically exploit browser vulnerabilities to force visitors’ computers to mine cryptocurrencies the moment they open the infected pages. This can occur even if the victim refrains from clicking on the infected ads or any trigger elements that are on the website.
Hackers regularly exploit vulnerabilities in software and operating systems to install crypto-mining code on victims’ devices. In many cases, they achieve this by taking advantage of known vulnerabilities or employing zero-day exploits.
Some cryptojacking campaigns have also been found to rely on side-loading exploits to install cryptojacking modules that imitate legitimate system processes. Side loading is the injection of code that has not been approved by a developer to run on a device. The technique allows for the deployment of persistent malware, including crypto malware.
Hackers have been known to exploit vulnerabilities in cloud-based infrastructure to pilfer its immense processing power for crypto mining.
In some instances, attackers have resorted to using stealthy, fileless payloads to execute crypto malware attacks. The payloads are typically programmed to disappear from memory once cloud workloads are halted, further complicating detection efforts.
Cybercriminals sometimes use malicious browser extensions to carry out cryptojacking attacks. The extensions, which are often disguised as plugins for legitimate purposes, force victims’ machines to mine digital assets.
The malicious activities of such extensions are typically difficult to detect due to their seemingly legitimate functions.
Crypto malware infections can manifest in a number of ways, ranging from the glaringly obvious to the deceptively subtle. The following is a breakdown of some of the telltale signs of a crypto malware infection:
Crypto malware typically targets the central processing unit (CPU) of a computer. The CPU is the primary processing component responsible for coordinating a machine’s hardware, operating system and applications. It uses complex electronic circuitry to process instructions from various components.
As such, computers infected with crypto mining malware often experience an anomalous surge in CPU usage. CPU activity can be monitored using the Task Manager on Windows or Activity Monitor on macOS. A sudden and sustained spike in CPU usage, particularly when the system is idle, could indicate a crypto malware infection.
Crypto malware’s heavy reliance on CPU resources often leads to a noticeable decline in overall system performance. The performance issues can be attributed to the overburdening of the CPU with cryptocurrency mining operations.
In the presence of a crypto malware infection, the decline in performance is usually accompanied by secondary problems such as overheating issues, which sometimes force the computer’s cooling system (fans) to work harder to dissipate the heat. Often, this coincides with increased electricity consumption.
Unusual computer network activity could indicate a crypto malware infection. This is because crypto malware is usually set up to ping external servers to receive updates and instructions. As a result, irregular network patterns, such as frequent outgoing connections, could indicate potential infections.
Such activities are usually accompanied by the emergence of unfamiliar processes or applications that usually consume more CPU resources than normal.
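The two host-side signs above, sustained CPU load while the system is idle and repeated outbound connections from the same process, can be turned into a simple triage rule. This is an added example, not code from the original article; the process snapshots, connection records, the 80% threshold and the 203.0.113.0/24 addresses are constructed for illustration and are not real indicators.

```python
"""Heuristic cryptojacking triage over constructed process and connection samples."""
from collections import defaultdict

# Constructed sample: successive CPU readings (percent) per (pid, name), polled
# while the user was idle. A miner shows sustained load; a browser spikes briefly.
SNAPSHOTS = [
    {(4210, "kworker-helper"): 97.0, (1133, "firefox"): 4.0, (880, "sshd"): 0.1},
    {(4210, "kworker-helper"): 98.5, (1133, "firefox"): 35.0, (880, "sshd"): 0.0},
    {(4210, "kworker-helper"): 96.2, (1133, "firefox"): 2.0, (880, "sshd"): 0.2},
    {(4210, "kworker-helper"): 99.0, (1133, "firefox"): 1.5, (880, "sshd"): 0.1},
]

# Constructed sample of outbound connections as (pid, remote host, remote port).
CONNECTIONS = [
    (4210, "203.0.113.7", 3333), (4210, "203.0.113.7", 3333), (4210, "203.0.113.7", 3333),
    (1133, "198.51.100.20", 443), (880, "192.0.2.5", 22),
]


def sustained_cpu(snapshots, threshold=80.0, min_fraction=0.75):
    """Return (pid, name) -> hit count for processes at or above `threshold`
    in at least `min_fraction` of the idle-time snapshots."""
    hits = defaultdict(int)
    for snap in snapshots:
        for key, pct in snap.items():
            if pct >= threshold:
                hits[key] += 1
    needed = min_fraction * len(snapshots)
    return {key: n for key, n in hits.items() if n >= needed}


def repeated_remote(connections, min_count=3):
    """Return (pid, host, port) -> count for endpoints contacted repeatedly."""
    counts = defaultdict(int)
    for pid, host, port in connections:
        counts[(pid, host, port)] += 1
    return {k: n for k, n in counts.items() if n >= min_count}


def triage(snapshots, connections):
    """Combine both signals: a sustained-CPU process that also keeps contacting one endpoint."""
    cpu = sustained_cpu(snapshots)
    beaconing_pids = {pid for (pid, _, _) in repeated_remote(connections)}
    findings = []
    for (pid, name), n in cpu.items():
        reasons = [f"cpu>={80}% in {n}/{len(snapshots)} idle samples"]
        if pid in beaconing_pids:
            reasons.append("repeated outbound connections to one remote host:port")
        findings.append((pid, name, reasons))
    return findings
```

On a real host the snapshots would come from periodic polling of the process table and the connection list from the system's socket listing, with the hits reviewed by an analyst rather than acted on automatically.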
Crypto malware attacks can be deterred through various methods. The following is a breakdown of some of them.
Regularly updating a computer’s operating system ensures that the software has the latest security patches and could deter crypto malware attacks. The rationale behind the precautionary measure is that the updates will prevent cybercriminals from using loopholes in outdated systems to launch attacks.
Installing robust anti-malware software is a crucial step in deterring cybersecurity threats, including crypto malware. Top-rated anti-malware programs often scan devices regularly for malicious software and use sophisticated detection methods to identify threats, including crypto miners.
Many leading antivirus products also have real-time scanning features that can identify and prevent crypto malware from deploying on a system.
Email remains a favored medium for cybercriminals to spread malware, including crypto malware. To avoid falling victim to email malware distribution schemes, one should avoid opening attachments or clicking on links in emails from unknown or suspicious sources.
This is because cybercriminals frequently use deceptive emails to trick users into unknowingly downloading crypto malware onto their devices.
Ignoring suspicious emails can therefore help avoid crypto malware attacks.
Download software only from trusted sources
Downloading software from reputable sources reduces the risk of encountering malicious programs.
This is because reputable platforms typically undergo rigorous security checks that reduce the chance of distributing compromised software.
Untrusted sites, on the other hand, usually lack such safeguards and may distribute software bundled with malware, including crypto-mining malware.
Use a firewall
A firewall acts as a barrier between a computing device and the internet, and is typically configured to block unauthorized access by filtering incoming and outgoing connections.
This added layer of security makes it harder for crypto malware to infect a machine.
Install anti-cryptojacking extensions
Installing dedicated anti-cryptojacking browser extensions can help detect and block crypto-mining scripts that target browser components.
Legitimate anti-cryptojacking extensions can usually be found in the official browser developers' web stores.
Another, more drastic approach is to disable JavaScript support in the browser.
This mitigation prevents JavaScript-based cryptojacking scripts from executing.
Future crypto malware trends
Based on current trends, the number of recorded crypto malware attacks is likely to rise in the future.
This is partly because law enforcement priorities have shifted toward high-profile cybercrimes such as ransomware and data breaches.
Reduced attention from the authorities may embolden cybercriminals and lead to an increase in cryptojacking attacks.
Past trends suggest cybercriminals will continue to develop new cryptojacking techniques that exploit vulnerabilities in emerging technologies.
This evolution is likely to pose challenges for traditional security solutions in detecting and preventing such attacks, at least initially.
Finally, users' limited awareness of cryptojacking and its associated risks remains a major obstacle to combating crypto malware.
This lack of understanding often leads to neglect of preventive measures, leaving more machines vulnerable and driving up infection rates.