Trend Micro: Cryptomining, Data Breaches Highlight Busy 1H 2018

The first half of the year was marked by a sharp rise in the incidence of malware aimed at mining cryptocurrencies, the stubbornness of ransomware attacks, an increase in data breaches and vulnerabilities in most processors that have been around for a couple of decades. All of that could continue to send ripples throughout the tech industry in the years to come, according to a recent report released by researchers at Trend Micro.

The information in Trend Micro's Midyear Security Roundup 2018, released this week, falls in line with the trend other cybersecurity vendors have been seeing since late last year of cybercriminals moving away from ransomware and into cryptomining, a much less noisy form of cyberattack. (See PowerGhost Cryptomining Malware Targets Corporate Networks.)

"We also saw a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining," the authors wrote in the report. "There was also a rise in 'fileless' malware and other threats using nontraditional evasion techniques, as well as an increasing number of data breaches and social engineering email scams. These damaging threats -- from the miners that quietly leech power from victims' devices to the serious vulnerabilities that leave machines open to covert attacks -- split limited security resources and divide the focus of IT administrators."

jaydeep via Pixabay\r\n

The cybersecurity space in 2017 was marked by ransomware, as in such high-profile events as WannaCry and NotPetya. However, cryptomining began taking off late in the year, and incidents have skyrocketed in 2018. Mining cryptocurrencies like Bitcoin and Monero require a lot of compute power, and cryptomining malware enables bad actors to steal CPU cycles from victims' systems for their efforts.

Trend Micro researchers saw a 141% increase in cryptomining activity during the first six months of the year and detected 47 new miner malware families. They also noted a variety of techniques cybercriminals used to leverage their cryptomining efforts, from malvertising in Google's DoubleClick to the rise of the Necurs exploit kit.

"Unwanted cryptocurrency miners on a network can slow down performance, gradually wear down hardware, and consume power -- problems that are amplified in enterprise environments," they wrote. "IT admins have to keep an eye out for unusual network activity considering the stealthy but significant impact cryptocurrency mining can have on a system."

Ransomware didn't disappear, but it was obvious that cybercriminals had turned their attention to cryptomining and other attacks. There was only a 3% rise in ransomware activity detected by Trend Micro in the first half of the year and a 26% decrease in the number of new ransomware families found, compared to the second half of 2017. (See SamSam Ransomware Nears $6M Mark in Ill-Gotten Gains .)

The analysts said that the increased attention on ransomware from the publicity surrounding the attacks earlier in the year and the improvements in prevention and mitigation methods drove the decline in interest in launching ransomware campaigns among cybercriminals.

The Trend Micro report, relying on numbers from the Privacy Rights Clearinghouse, said there was a 16% increase in the number of reported data breaches in the US between the second half of 2017 and the first six months of this year. That number increased from 224 to 259. Also growing slightly was the number of incidents due to unintended disclosures, rather than hacking.

Fifteen of those were mega-breaches -- incidents where at least a million records were exposed. While the healthcare industry sustained the highest number of breaches, retailers and online merchants saw the largest number of mega-breaches. There also were at least nine incidents outside the US that could be judged mega-breaches.

The researchers noted that the pain sustained by companies hit by data breaches is growing. A mega-breach can cost companies as much as $350 million in damage and response efforts. Now countries are also beginning to institute regulations that carry heavy fines for those found to have improper data management policies. The European Union's General Data Protection Regulation (GDPR), which went into effect in May, is the best known of these regulations. The GDPR can reach as high as 4% of a company's global annual revenue.

Also high on the list of significant security issues were the Meltdown and Spectre vulnerabilities found in processors from the largest chip designers, including Intel, AMD, IBM and Arm. Complicating matters was the fact that the flaws have been in the chips for a couple of decades, making millions of systems vulnerable to attacks.

The design flaws were linked to the way the chips handle "speculative execution," a process done to increase the performance of a system by predicting the path of a particular task in order to find the fastest way to complete it. By exploiting the flaws, cybercriminals can access an operating system's kernel memory. (See Foreshadow-NG Vulnerability Sets Tech Giants Scrambling.)

Intel and others released fixes to the chips, but more variants of the vulnerabilities -- such as 3A, 4 and Foreshadow -- have cropped over the past few months, highlighting the difficulty in addressing the threats.

"Hardware vulnerabilities present a complicated problem for IT admins," the Trend Micro researchers wrote. "Since microprocessors from multiple vendors are affected and vulnerability fixes are released over an extended period, applying firmware patches across all affected devices is more difficult. In addition, some of the patches affect the system performance of older devices, compounding the impact on business operations."

The analysts also found a 30% increase in the number of reported vulnerabilities in supervisory control and data acquisition (SCADA) systems, with many related to human-machine interface software. This posed a threat to critical infrastructure, potentially exposing valuable data to attackers.

"Our data also indicates that more vendors were able to create patches or mitigation methods in time for the corresponding vulnerability announcements," they wrote. "While this is a welcome improvement, the sheer number of discovered vulnerabilities highlights why enterprises in critical infrastructure sectors should stay on top of SCADA software systems and invest in multilayered security solutions."

Related posts:

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.