Cryptojacking more valuable than stealing data?

The escalating value of Bitcoin and other cryptocurrency means that cryptojacking can be more valuable to cybercriminals than an organisation's data itself, according to Fortinet's latest Threat Landscape report.

Cryptojacking refers to hijacking an individual or organisation's computing power to mine for cryptocurrencies through malware or website script… with the latter being a legal grey area.

Fortinet's report found that the prevalence of cryptomining malware has grown worldwide. Individuals who access Bitcoin trading websites on work devices are opening their organisations up to risk, as these are the most targeted with malware.

Cryptojacking can take multiple forms, but the report identified three primary trends, each with a unique approach.

The first involves injecting JavaScript into vulnerable websites, the second involves using social engineering to attempt to get victims to download cryptomining malware and the third involves an increase in ransomware demands for alternative cryptocurrencies due to the increasingly unpredictable nature of Bitcoin's value.

The report meanwhile found that attackers are implementing swarm-like capabilities in their cyber attacks while simultaneously targeting multiple vulnerabilities, devices and access points.

There was an unprecedented volume of attacks during the fourth quarter of 2017, with an average of 274 exploits detected per company, up by 82% over the previous quarter. Meanwhile, the number of malware families increased by 25% and unique variants by 19%.

In Australia, attacks are particularly concentrated on the healthcare and education sectors, which could be down to lower than average internet hygiene among users in these sectors as well as the high rates of BYOD use among universities and high schools.

The report also identified an upswing in IoT attack intensity, with three of the top 20 attacks during the quarter targeting IoT devices while exploit activity quadrupled against devices like Wi-Fi cameras.

Other prevalent threats in the APAC region include ransomware, sophisticated malware targeting industrial control systems and stenography attacks — which involve embedding malicious code into images.

Image credit: ©iStockphoto.com/Federico Caputo

Follow us and share on Twitter and Facebook