Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Malware

End of Bibblio RCM includes -->
4/9/2018
09:35 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now

Malwarebytes: Cryptomining Surges as Ransomware Declines

During the first quarter of 2018, cybercriminals and attackers continued to drift toward cryptomining schemes and away from other malware, such as ransomware, according to a new analysis from Malwarebytes.

The increasing popularity of cryptocurrencies such as Bitcoin, Litecoin and Menero is leading more and more attackers and cybercriminals to invest in a variety of cryptomining schemes, especially ones targeting Android-based devices, according to a new analysis.

In the first quarter of 2018, cryptomining increased at the same time ransomware, which dominated headlines last year thanks to Wannacry, declined, as attackers turned their attention to more lucrative schemes involving different cryptocurrencies, according to new three-month analysis from Malwarebytes released April 9.

However, while cryptomining malware is taking up all the headlines now, spyware remains the number one concern for businesses as it increased 56% from the previous quarter. At the same time, malicious cryptomining increased 27% and is now the second-biggest concern for businesses.

An iframe redirection to RIG EK followed by a noticeable coin miner infection\r\n(Source: Malwarebytes)\r\n
An iframe redirection to RIG EK followed by a noticeable coin miner infection
\r\n(Source: Malwarebytes)\r\n

As other reports have pointed out, the growing popularity and volatility of Bitcoin -- the cryptocurrency hit its peak in December before falling back down -- have attracted speculators, investors and cybercriminals alike. (See Cryptocurrency Crime: The Internet's New Wild West.)

However, the Malwarebytes report shows that this trend in cryptomining malware and scams has continued from 2017 and into this year.

"We have seen cryptomining from multiple sources… you see your traditional cryptocurrency miners and they may be bundled in with some software or PUPs, but in a lot of cases, especially recently, we have seen them pushed through malicious means," Adam Kujawa, director of Malware Intelligence at Malwarebytes, told Security Now.

"We also see this spreading as you would see other malware distributing itself throughout the Internet, so this can include malicious spam attacks, or emails that have attachments that involve some sort of miner, or exploit kits," Kujawa added. "Exploit kits haven't had their heyday since 2016, but we have seen a lot of activity and we have seen them pushing users to download and install cryptocurrency miner or redirect them to a drive-by mining site."

In its report, Malwarebytes points out the growing prevalence of cryptomining malware and other scams that target users' hardware to help mine these cryptocurrencies without their knowing:

Not only are criminals penetrating OSes, browsers, and devices of all kinds, but they are also distributing cryptominers in a rainbow of flavors. Some miners are malware-based, delivered via exploit kit, malspam, and malicious APKs. Others are browser-based, showing up in malicious extensions or drive-by attacks, mining users’ machines without permission. And finally, there are examples of ethical cryptomining, where users are aware of and opt-in to having others mine their CPU/GPU (usually in exchange for an ad-free website experience).

Smartphones, especially Android devices, are also susceptible to cryptomining schemes, including Trojanized apps laced with mining code. Additionally, malicious APKs, which use a file format that installs software on the Android, have modules for specific functionalities, such as SMS spam, as well as miners. (See Android Crypto Mining Attacks Go for Monero .)


The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

While these increases in the cryptomining malware attacks have made headlines, they've also drawn the attention of companies such as Google, which is planning to delist Chrome extensions that only mine cryptocurrencies by later this year to cut down on cryptojacking. (See Unknown Document 734998.)

While cryptomining has taken off, ransomware has declined. In the consumer market, Malwarebytes found that the malware declined 35% compared to the previous quarter, although it did increase 28% in the business sector, although the overall volume remains low compared to other attacks.

"It is a big increase on the business side, but it's not going to bring ransomware back to the level it used to be," Kujawa said. "Everyone has been freaking out about ransomware and that's been going on since October 2013 when CryptoLocker came out and now you see that the industry has really leaned in to protect users from it, either by providing backup solutions or anti-ransomware technology, or just good guidance on what you should do if you're hit by ransomware."

Related posts:

— Scott Ferguson, is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1678
PUBLISHED: 2022-05-25
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
CVE-2021-32966
PUBLISHED: 2022-05-25
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP s...
CVE-2021-32989
PUBLISHED: 2022-05-25
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.
CVE-2021-32997
PUBLISHED: 2022-05-25
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 ver...
CVE-2021-35487
PUBLISHED: 2022-05-25
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, dat...