Cybercriminals are increasingly turning to cryptominers to develop illegal revenue streams, while ransomware and malvertising adware continue to impact organizations worldwide, according to Check Point.
During the period July to December 2017, one in five organizations were impacted by cryptomining malware, tools that enable cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-user’s CPU power.
Key malware trends in H2 2017
Researchers detected a number of key malware trends during the period, including:
Cryptocurrency miners frenzy – While crypto-miners are commonly used by individuals to mine their own coins, the rising public interest in virtual currencies has slowed the mining process, which depends directly on the number of currency holders. This slowdown has increased the computational power needed to mine crypto-coins, which led cybercriminals to think of new ways to harness the computation resources of an unsuspecting public.
Decrease in exploit kits – Up until a year ago, exploit kits used to be a prime attack vector. During 2017, however, the use of exploit kits significantly decreased as once-exploited platforms became more secure. The rapid response to new vulnerabilities exposed in these products by security vendors and leading browser developers, along with automatic updates of newer versions, has also significantly shortened the shelf life of new exploits.
Increase in scam operations and malspam – Throughout 2017, the ratio between infections based on HTTP and SMTP shifted in favor of SMTP, from 55% in the first half of 2017 to 62% in the second. The increase in the popularity of these distribution methods attracted skilled threat actors who brought with them an advanced practice that included various exploitations of vulnerabilities in documents, especially in Microsoft Office.
Mobile malware reaches enterprise level – In the last year, we have witnessed several attacks directed at enterprises originating from mobile devices. This includes mobile devices acting as a proxy, triggered by the MilkyDoor malware, and used to collect internal data from the enterprise network. Another type is mobile malware, such as the Switcher malware, that attempts to attack network elements (e.g. routers) to redirect network traffic to a malicious server under the attacker’s control.
Maya Horowitz, Threat Intelligence Group Manager at Check Point, commented: “The second half of 2017 has seen crypto-miners take the world by storm to become a favorite monetizing attack vector. While this is not an entirely new malware type, the increasing popularity and value of cryptocurrency has led to a significant increase in the distribution of crypto-mining malware. Also, there has been a continuation of trends, such as ransomware, that date back to 2016, which is still a leading attack vector, used for both global attacks and targeted attacks against specific organizations. 25% of the attacks we saw in this period exploit vulnerabilities discovered over a decade ago, and less than 20% use ones from the last couple of years.”