Crypto-Mining Hits 42% Of Organisations Worlwide

Uploaded on 2018-08-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Cyber-criminals are aggressively targeting organisations using crypto-mining malware to develop illegal revenue streams, according to Check Point. Meanwhile, cloud infrastructures appear to be the growing target among threat actors.

Between January and June 2018, the number of organisations impacted by crypto-mining malware doubled to 42%, compared to 20.5% in the second half of 2017.

Crypto-mining malware enables cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine crypto-currency, using as much as 65% of the end-user’s CPU power. The top three most common malware variants seen in H1 2018 were all crypto-miners.

In a new trend, Check Point detected an increasing number of attacks targeting cloud infrastructures. With organisations moving more of their IT estates and data to cloud environments, criminals are turning to the cloud to exploit its vast computational power and multiply their profits.

“The first half of this year saw criminals continue the trend we observed at the end of 2017, and take full advantage of stealthy crypto-mining malware to maximise their revenues. We’ve also seen increasingly sophisticated attacks against cloud infrastructures and multi-platform environments emerging.

“These multi-vector, fast-moving, large-scale Gen V attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data,” said Maya Horowitz, Threat Intelligence Group Manager at Check Point.

Crypto-currency miners evolve

In 2018, crypto-miners have been upgraded with vastly improved capabilities, becoming more sophisticated and even destructive. Motivated by a clear interest to increase the percentage of computational resources leveraged and be even more profitable, crypto-miners today target anything that could be perceived as being in their way.

Crypto-miners have also highly evolved recently to exploit high profile vulnerabilities and to evade sandboxes and security products in order to expand their infection rates.

Hackers move to the cloud

So far this year, there have been a number of sophisticated techniques and tools exploited against cloud storage services.

Several cloud-based attacks, mainly those involving data exfiltration and information disclosure, derived from poor security practices, including credentials left available on public source code repositories or the use of weak passwords.

Crypto-miners are also, targeting cloud infrastructures to exploit its computational power and multiply profits for threat actors.

Multi-platform attacks on the rise

Up until the end of 2017, multi-platform malware was rare. However, the rise in the number of consumer connected devices and the growing market share of non-Windows operating systems has led to an increase in cross-platform malware. Campaign operators implement various techniques in order to take control over the campaigns’ different infected platforms.

Mobile malware spread via the supply chain

In the first half of this year, there has been several incidences where mobile malware that has not been downloaded from a malicious URL, but instead arrived already installed within the device. In addition, there was an increase in applications readily available on app stores that were actually malware under disguise, including Banking Trojans, Adware and sophisticated remote access Trojans (RATs).

Top Crypto-miners during H1 2018

1. Coinhive (30%) – A crypto-miner designed to perform online mining of the Monero crypto-currency without the user’s approval when a user visits a web page. Coinhive only emerged in September 2017 but has hit 12% of organizations worldwide hit by it.

2. Cryptoloot (23%) – A JavaScript Crypto-miner, designed to perform online mining of Monero crypto-currency when a user visits a web page without the user’s approval.

3. JSEcoin (17%) – Web-based Crypto miner designed to perform online mining of Monero crypto-currency when a user visits a web page without the user’s approval.

Top ransomware during H1 2018

1. Locky (40%) – Ransomware that spreads mainly via spam emails containing a downloader, disguised as a Word or Zip attachment, before installing malware that encrypts the user files.

2. WannaCry (35%) – Ransomware that was spread in a large scale attack in May 2017, utilizing a Windows SMB exploit called EternalBlue, in order to propagate within and between networks.

3. Globeimposter (8%) – Distributed by spam campaigns, malvertising and exploit kits. Upon encryption, the ransomware appends the .crypt extension to each encrypted file.

Top mobile malware during H1 2018

1. Triada (51%) – A Modular Backdoor for Android which grants super-user privileges to downloaded malware, as it helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.

2. Lokibot (19%) – A mobile banking Trojan which targets Android smartphones and turns into a Ransomware, upon an attempt of the victim trying to remove its admin privileges.

3. Hidad (10%) – Android malware which repackages legitimate apps and then releases them to a third-party store. It is able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

Top banking malware during H2 2017

1. Ramnit (29%) – A banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.

2. Dorkbot (22%) – A banking Trojan which steals the victim’s credentials using web-injects, activated as the user tries to login to their banking website.

3. Zeus (14%) – A Trojan that targets Windows platforms and often uses them to steal banking information by man-in-the-browser keystroke logging and form grabbing.

HelpNetSecurity

You Might Also Read: 

Criminal Web-Injects Can Steal Cryptocurrency:

Crypto-Mining Is A Growing Epidemic:

 

« EU Cybersecurity Act Could Impact Cross-Border Data Flows
Quantum Computing Is Becoming Reality »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NetMotion Software

NetMotion Software

NetMotion Software specializes in mobile performance management solutions to manage, secure and support the mobile enterprise.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

Disklabs

Disklabs

Disklabs are industry leaders in data recovery, digital forensics and data erasure.

Gemserv

Gemserv

Gemserv is a specialist market design, governance and assurance services consultancy.

Cybint Solutions

Cybint Solutions

Cybint provides customized cyber education and training solutions for Higher Education, Companies and Government.

Bowbridge

Bowbridge

Bowbridge provides anti-virus and application security solutions for SAP systems.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

British Security Industry Association - CySPAG

British Security Industry Association - CySPAG

CySPAG is a special interest group within the British Security Industry Association (BSIA) focused on reducing the risk of product related cybercrime.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.