Cybercriminals are moving away from ransomware and setting their sights on hijacking users’ computing power
Crypto-mining attacks in the first half of this year were up a whopping 956% from those recorded in the same period last year, according to a new report by cybersecurity firm Trend Micro.
The company's Midyear Security Roundup 2018 reveals that cybercriminals are shifting away from ransomware towards the more covert technique of hijacking computing power to mine digital currency.
Speaking to The Daily Swig, Jon Clay, global threat communications director at Trend Micro, said he believes crypto-mining will maintain its upward progression over the coming months.
“With the wild fluctuations of cryptocurrencies, threat actors may shift their go-to malware to other types, especially if we see valuations drop,” he said.
“But at the moment we still feel this threat will continue to be highly used by threat actors.
“Also, we’ll see an increase in targeting of owners of cryptocurrencies, or the exchanges themselves, as the opportunity to steal more coins is higher here than the prospect of mining coins.”
The trend is borne out by a report from Check Point, which found that more than 42% of organizations worldwide were affected by crypto-mining during the first half of this year – more than twice as many as at the end of 2017.
Targets have included SQL databases, industrial systems, a Russian nuclear plant, and even cloud infrastructure.
Businesses should, Clay says, install a robust, layered security solution on their endpoints and ensure that they have advanced threat detection technologies such as AI and machine learning, as well as traditional techniques like web and email reputation.
“If your system CPU and/or memory appears pegged at 100% usage, you likely could have crypto-mining malware and should run a scan,” he said.
Trend Micro says it’s also seen a trend towards more unusual types of malware, such as fileless, macro, and small file malware.
It found, for example, a 250% increase in detections of one particular small file malware, TinyPOS, compared to the second half of last year.
This, it suggests, may be down to the fact that these types of malware are increasingly able to circumvent defenses that use only one type of security protection.
As for the future, Trend Micro is predicting a rise in SCADA attacks, based on the fact that its Zero Day Initiative (ZDI) has disclosed twice as many SCADA vulnerabilities as in 2017.
Clay said: “Our critical infrastructure is a target of threat actors around the globe, and the more responsible disclosures of vulnerabilities, the less likely we’ll see zero-day exploits against the systems and applications running this infrastructure.”