One in five businesses hit by crypto-mining malware

Cybercriminals are increasingly using illegal crypto-mining malware to develop their revenue streams, according to a new report by Checkpoint Software Technologies.

The H2 2017 Global Threat Intelligence Trends report indicates that during the period July to December 2017, one in five organisations were impacted by crypto-mining malware.

These tools enable cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-user’s CPU power.

The report gives a detailed overview of the cyber-threat landscape in the top malware categories — ransomware, banking and mobile — and is based on data drawn from Check Point’s ThreatCloud intelligence.

Check Point researchers detected a number of key malware trends during the period, including:

• Cryptocurrency miner’s frenzy: The rising public interest in virtual currencies has slowed the mining process, which depends directly on the number of currency holders. This slowdown has led cybercriminals to think of new ways to harness the computation resources of an unsuspecting public.
• Decrease in ‘exploit kits’: During 2017, the use of exploit kits significantly decreased as once exploited platforms became more secure. The rapid response to new vulnerabilities exposed in these products by security vendors and leading browser developers, along with automatic updates of newer versions, have also significantly shortened the shelf life of new exploits.
• Increase in scam operations and malspam: Throughout 2017, the ratio between infections based on HTTP and STMP shifted in favour of SMTP, from 55% in the first half of 2017 to 62% in the second. The increase in the popularity of these distribution methods attracted skilled threat actors who brought with them an advanced practice that included various exploitations of vulnerabilities in documents, especially in Microsoft Office.
• Mobile malware reaches enterprise level: In the last year, several attacks were directed at enterprises originating from mobile devices. This includes mobile devices acting as a proxy, triggered by the MilkyDoor malware, and used to collect internal data from the enterprise network. Another type is mobile malware, such as the Switcher malware, that attempts to attack network elements (eg, routers) to redirect network traffic to a malicious server under the attacker’s control.
   

“The second half of 2017 has seen crypto-miners take the world by storm to become a favourite monetising attack vector,” said Maya Horowitz, Threat Intelligence Group Manager at Check Point.

“While this is not an entirely new malware type, the increasing popularity and value of cryptocurrency has led to a significant increase in the distribution of crypto-mining malware.

“25% of the attacks we saw in this period exploit vulnerabilities discovered over a decade ago, and less than 20% use ones from the last couple of years. So it’s clear that there is still a lot that organisations need to do to fully protect themselves against attacks.”

A full copy of the report can be found here.

Image credit: ©stock.adobe.com/au/Myst

Follow us on Twitter and Facebook