Crypto-Mining Hits 42% Of Organisations Worldwide

Cyber-criminals are aggressively targeting organisations using crypto-mining malware to develop illegal revenue streams, according to Check Point. Meanwhile, cloud infrastructures appear to be the growing target among threat actors.

Between January and June 2018, the number of organisations impacted by crypto-mining malware doubled to 42%, compared to 20.5% in the second half of 2017.

Crypto-mining malware enables cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine crypto-currency, using as much as 65% of the end-user’s CPU power. The top three most common malware variants seen in H1 2018 were all crypto-miners.

In a new trend, Check Point detected an increasing number of attacks targeting cloud infrastructures. With organisations moving more of their IT estates and data to cloud environments, criminals are turning to the cloud to exploit its vast computational power and multiply their profits.

“The first half of this year saw criminals continue the trend we observed at the end of 2017, and take full advantage of stealthy crypto-mining malware to maximise their revenues. We’ve also seen increasingly sophisticated attacks against cloud infrastructures and multi-platform environments emerging.

“These multi-vector, fast-moving, large-scale Gen V attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data,” said Maya Horowitz, Threat Intelligence Group Manager at Check Point.

Crypto-currency miners evolve

In 2018, crypto-miners have been upgraded with vastly improved capabilities, becoming more sophisticated and even destructive. Motivated by a clear interest to increase the percentage of computational resources leveraged and be even more profitable, crypto-miners today target anything that could be perceived as being in their way.

Crypto-miners have also recently evolved significantly to exploit high-profile vulnerabilities and to evade sandboxes and security products in order to expand their infection rates.

Hackers move to the cloud

So far this year, there have been a number of sophisticated techniques and tools exploited against cloud storage services.

Several cloud-based attacks, mainly those involving data exfiltration and information disclosure, derived from poor security practices, including credentials left available on public source code repositories or the use of weak passwords.

Crypto-miners are also targeting cloud infrastructures to exploit their computational power and multiply profits for threat actors.

Multi-platform attacks on the rise

Up until the end of 2017, multi-platform malware was rare. However, the rise in the number of consumer connected devices and the growing market share of non-Windows operating systems has led to an increase in cross-platform malware. Campaign operators implement various techniques in order to take control over the campaigns’ different infected platforms.

Mobile malware spread via the supply chain

In the first half of this year, there have been several incidents in which mobile malware was not downloaded from a malicious URL, but instead arrived already installed on the device. In addition, there was an increase in applications readily available on app stores that were actually malware in disguise, including Banking Trojans, Adware and sophisticated remote access Trojans (RATs).

Top Crypto-miners during H1 2018

1. Coinhive (30%) – A crypto-miner designed to perform online mining of the Monero crypto-currency without the user’s approval when a user visits a web page. Coinhive only emerged in September 2017 but has hit 12% of organizations worldwide.

2. Cryptoloot (23%) – A JavaScript Crypto-miner, designed to perform online mining of Monero crypto-currency when a user visits a web page without the user’s approval.

3. JSEcoin (17%) – Web-based Crypto miner designed to perform online mining of Monero crypto-currency when a user visits a web page without the user’s approval.

Top ransomware during H1 2018

1. Locky (40%) – Ransomware that spreads mainly via spam emails containing a downloader, disguised as a Word or Zip attachment, before installing malware that encrypts the user files.

2. WannaCry (35%) – Ransomware that was spread in a large scale attack in May 2017, utilizing a Windows SMB exploit called EternalBlue, in order to propagate within and between networks.

3. Globeimposter (8%) – Distributed by spam campaigns, malvertising and exploit kits. Upon encryption, the ransomware appends the .crypt extension to each encrypted file.

Top mobile malware during H1 2018

1. Triada (51%) – A Modular Backdoor for Android which grants super-user privileges to downloaded malware, as it helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.

2. Lokibot (19%) – A mobile banking Trojan which targets Android smartphones and turns into ransomware when the victim attempts to remove its admin privileges.

3. Hidad (10%) – Android malware which repackages legitimate apps and then releases them to a third-party store. It is able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

Top banking malware during H2 2017

1. Ramnit (29%) – A banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.

2. Dorkbot (22%) – A banking Trojan which steals the victim’s credentials using web-injects, activated as the user tries to login to their banking website.

3. Zeus (14%) – A Trojan that targets Windows platforms and often uses them to steal banking information by man-in-the-browser keystroke logging and form grabbing.

HelpNetSecurity
