Cyber criminals are rapidly adding cryptojacking as a highly profitable new revenue stream, according to Symantec‘s Internet Security Threat Report (ISTR), Volume 23.
Mike Fey, president and COO, Symantec, said: “Cryptojacking is a rising threat to cyber and personal security. The massive profit incentive puts people, devices and organizations at risk of unauthorized coinminers siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”
The report analyses data from the Symantec Global Intelligence Network, which tracks over 700,000 global adversaries, records events from 98 million attack sensors worldwide and monitors threat activities in over 157 countries and territories. Key highlights include:
During the past year, an astronomical rise in cryptocurrency values saw cyber criminals trying to cash in on a volatile market. The UK ranked as the fifth highest country worldwide for coinminer detections. With a low barrier of entry – only requiring a couple lines of code to operate – cyber criminals are harnessing stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. Coinminers can slow devices, overheat batteries, and in some cases, render devices unusable. For enterprise organisations, coinminers can put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.
Darren Thomson, CTO and VP EMEA at Symantec said: “Attackers could be co-opting your phone, computer or IoT device to use them for profit. People need to expand their defenses or they will pay for the price for someone else using their device.”
Symantec found an increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse. Macs are not immune as Symantec detected an 80 percent increase in coinmining attacks against Mac OS. By browser-based attacks, criminals do not need to download malware to a victim’s Mac or PC to carry out cyber attacks, the IT security firm points out.
In 2016, the profitability of ransomware led to a crowded market. In 2017, the market made a correction, lowering the average ransom cost to $522 (less than £374) and signalling that ransomware has become a commodity. Many cyber criminals may have shifted their focus to coinmining as an alternative to cashing in while cryptocurrency values are high. Additionally, while the number of ransomware families decreased, the number of ransomware variants increased by 46 percent, indicating that criminal groups are innovating less but are still very productive.
Malware implanted into the software supply chain increased in 2017. That’s equivalent to one attack every month as compared to four attacks the previous year. Hijacking software updates provides attackers with an entry point for compromising well-guarded networks. The Petya outbreak was the most notable example of a supply chain attack. After using Ukrainian accounting software as the point of entry, Petya used a variety of methods to spread laterally across corporate networks to deploy their malicious payload.
Threats in the mobile space continue to grow year-over-year, including the number of new mobile malware variants which increased by 54 percent. Symantec blocked an average of 24,000 malicious mobile applications each day last year. As older operating systems continue to be in use, this problem is exacerbated. For example, with the Android operating system, only 20 percent of devices are running the newest version and only 2.3 percent are on the latest minor release.
Mobile users also face privacy risks from grayware apps that aren’t completely malicious but can be troublesome. Symantec found that 63 percent of grayware apps leak the device’s phone number. With grayware increasing by 20 percent in 2017, this isn’t a problem that’s going away.
The number of groups executing targeted attack is on the rise. In 2017 Symantec tracked 140 criminal groups using these kinds of attacks. Last year, 71 percent of all targeted attacks started with spear phishing – the oldest trick in the book – to infect their victims. As targeted attack groups continue to leverage tried and tested tactics to infiltrate organisations, the use of zero-day threats is falling out of favour.
