Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security //

Antimalware

9/7/2018
08:05 AM
Jeffrey Burt
Jeffrey Burt
Jeffrey Burt
50%
50%

Trend Micro: Cryptomining, Data Breaches Highlight Busy 1H 2018

The rise of design flaws in processors from Intel and other chip-makers and the slowing down of ransomware were key trends in cybersecurity in the first six months of the year.

The first half of the year was marked by a sharp rise in the incidence of malware aimed at mining cryptocurrencies, the stubbornness of ransomware attacks, an increase in data breaches and vulnerabilities in most processors that have been around for a couple of decades. All of that could continue to send ripples throughout the tech industry in the years to come, according to a recent report released by researchers at Trend Micro.

The information in Trend Micro's Midyear Security Roundup 2018, released this week, falls in line with the trend other cybersecurity vendors have been seeing since late last year of cybercriminals moving away from ransomware and into cryptomining, a much less noisy form of cyberattack. (See PowerGhost Cryptomining Malware Targets Corporate Networks.)

"We also saw a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining," the authors wrote in the report. "There was also a rise in 'fileless' malware and other threats using nontraditional evasion techniques, as well as an increasing number of data breaches and social engineering email scams. These damaging threats -- from the miners that quietly leech power from victims' devices to the serious vulnerabilities that leave machines open to covert attacks -- split limited security resources and divide the focus of IT administrators."

The cybersecurity space in 2017 was marked by ransomware, as in such high-profile events as WannaCry and NotPetya. However, cryptomining began taking off late in the year, and incidents have skyrocketed in 2018. Mining cryptocurrencies like Bitcoin and Monero require a lot of compute power, and cryptomining malware enables bad actors to steal CPU cycles from victims' systems for their efforts.

Trend Micro researchers saw a 141% increase in cryptomining activity during the first six months of the year and detected 47 new miner malware families. They also noted a variety of techniques cybercriminals used to leverage their cryptomining efforts, from malvertising in Google's DoubleClick to the rise of the Necurs exploit kit.

"Unwanted cryptocurrency miners on a network can slow down performance, gradually wear down hardware, and consume power -- problems that are amplified in enterprise environments," they wrote. "IT admins have to keep an eye out for unusual network activity considering the stealthy but significant impact cryptocurrency mining can have on a system."

Ransomware didn't disappear, but it was obvious that cybercriminals had turned their attention to cryptomining and other attacks. There was only a 3% rise in ransomware activity detected by Trend Micro in the first half of the year and a 26% decrease in the number of new ransomware families found, compared to the second half of 2017. (See SamSam Ransomware Nears $6M Mark in Ill-Gotten Gains .)

The analysts said that the increased attention on ransomware from the publicity surrounding the attacks earlier in the year and the improvements in prevention and mitigation methods drove the decline in interest in launching ransomware campaigns among cybercriminals.

The Trend Micro report, relying on numbers from the Privacy Rights Clearinghouse, said there was a 16% increase in the number of reported data breaches in the US between the second half of 2017 and the first six months of this year. That number increased from 224 to 259. Also growing slightly was the number of incidents due to unintended disclosures, rather than hacking.

Fifteen of those were mega-breaches -- incidents where at least a million records were exposed. While the healthcare industry sustained the highest number of breaches, retailers and online merchants saw the largest number of mega-breaches. There also were at least nine incidents outside the US that could be judged mega-breaches.

The researchers noted that the pain sustained by companies hit by data breaches is growing. A mega-breach can cost companies as much as $350 million in damage and response efforts. Now countries are also beginning to institute regulations that carry heavy fines for those found to have improper data management policies. The European Union's General Data Protection Regulation (GDPR), which went into effect in May, is the best known of these regulations. The GDPR can reach as high as 4% of a company's global annual revenue.

Also high on the list of significant security issues were the Meltdown and Spectre vulnerabilities found in processors from the largest chip designers, including Intel, AMD, IBM and Arm. Complicating matters was the fact that the flaws have been in the chips for a couple of decades, making millions of systems vulnerable to attacks.

The design flaws were linked to the way the chips handle "speculative execution," a process done to increase the performance of a system by predicting the path of a particular task in order to find the fastest way to complete it. By exploiting the flaws, cybercriminals can access an operating system's kernel memory. (See Foreshadow-NG Vulnerability Sets Tech Giants Scrambling.)

Intel and others released fixes to the chips, but more variants of the vulnerabilities -- such as 3A, 4 and Foreshadow -- have cropped over the past few months, highlighting the difficulty in addressing the threats.

"Hardware vulnerabilities present a complicated problem for IT admins," the Trend Micro researchers wrote. "Since microprocessors from multiple vendors are affected and vulnerability fixes are released over an extended period, applying firmware patches across all affected devices is more difficult. In addition, some of the patches affect the system performance of older devices, compounding the impact on business operations."

The analysts also found a 30% increase in the number of reported vulnerabilities in supervisory control and data acquisition (SCADA) systems, with many related to human-machine interface software. This posed a threat to critical infrastructure, potentially exposing valuable data to attackers.

"Our data also indicates that more vendors were able to create patches or mitigation methods in time for the corresponding vulnerability announcements," they wrote. "While this is a welcome improvement, the sheer number of discovered vulnerabilities highlights why enterprises in critical infrastructure sectors should stay on top of SCADA software systems and invest in multilayered security solutions."

Related posts:

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3166
PUBLISHED: 2021-01-18
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, r...
CVE-2020-29446
PUBLISHED: 2021-01-18
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5.
CVE-2020-15864
PUBLISHED: 2021-01-17
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...