Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security //

Antimalware

9/7/2018
08:05 AM
Jeffrey Burt
Jeffrey Burt
Jeffrey Burt
50%
50%

Trend Micro: Cryptomining, Data Breaches Highlight Busy 1H 2018

The rise of design flaws in processors from Intel and other chip-makers and the slowing down of ransomware were key trends in cybersecurity in the first six months of the year.

The first half of the year was marked by a sharp rise in the incidence of malware aimed at mining cryptocurrencies, the stubbornness of ransomware attacks, an increase in data breaches and vulnerabilities in most processors that have been around for a couple of decades. All of that could continue to send ripples throughout the tech industry in the years to come, according to a recent report released by researchers at Trend Micro.

The information in Trend Micro's Midyear Security Roundup 2018, released this week, falls in line with the trend other cybersecurity vendors have been seeing since late last year of cybercriminals moving away from ransomware and into cryptomining, a much less noisy form of cyberattack. (See PowerGhost Cryptomining Malware Targets Corporate Networks.)

"We also saw a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining," the authors wrote in the report. "There was also a rise in 'fileless' malware and other threats using nontraditional evasion techniques, as well as an increasing number of data breaches and social engineering email scams. These damaging threats -- from the miners that quietly leech power from victims' devices to the serious vulnerabilities that leave machines open to covert attacks -- split limited security resources and divide the focus of IT administrators."

The cybersecurity space in 2017 was marked by ransomware, as in such high-profile events as WannaCry and NotPetya. However, cryptomining began taking off late in the year, and incidents have skyrocketed in 2018. Mining cryptocurrencies like Bitcoin and Monero require a lot of compute power, and cryptomining malware enables bad actors to steal CPU cycles from victims' systems for their efforts.

Trend Micro researchers saw a 141% increase in cryptomining activity during the first six months of the year and detected 47 new miner malware families. They also noted a variety of techniques cybercriminals used to leverage their cryptomining efforts, from malvertising in Google's DoubleClick to the rise of the Necurs exploit kit.

"Unwanted cryptocurrency miners on a network can slow down performance, gradually wear down hardware, and consume power -- problems that are amplified in enterprise environments," they wrote. "IT admins have to keep an eye out for unusual network activity considering the stealthy but significant impact cryptocurrency mining can have on a system."

Ransomware didn't disappear, but it was obvious that cybercriminals had turned their attention to cryptomining and other attacks. There was only a 3% rise in ransomware activity detected by Trend Micro in the first half of the year and a 26% decrease in the number of new ransomware families found, compared to the second half of 2017. (See SamSam Ransomware Nears $6M Mark in Ill-Gotten Gains .)

The analysts said that the increased attention on ransomware from the publicity surrounding the attacks earlier in the year and the improvements in prevention and mitigation methods drove the decline in interest in launching ransomware campaigns among cybercriminals.

The Trend Micro report, relying on numbers from the Privacy Rights Clearinghouse, said there was a 16% increase in the number of reported data breaches in the US between the second half of 2017 and the first six months of this year. That number increased from 224 to 259. Also growing slightly was the number of incidents due to unintended disclosures, rather than hacking.

Fifteen of those were mega-breaches -- incidents where at least a million records were exposed. While the healthcare industry sustained the highest number of breaches, retailers and online merchants saw the largest number of mega-breaches. There also were at least nine incidents outside the US that could be judged mega-breaches.

The researchers noted that the pain sustained by companies hit by data breaches is growing. A mega-breach can cost companies as much as $350 million in damage and response efforts. Now countries are also beginning to institute regulations that carry heavy fines for those found to have improper data management policies. The European Union's General Data Protection Regulation (GDPR), which went into effect in May, is the best known of these regulations. The GDPR can reach as high as 4% of a company's global annual revenue.

Also high on the list of significant security issues were the Meltdown and Spectre vulnerabilities found in processors from the largest chip designers, including Intel, AMD, IBM and Arm. Complicating matters was the fact that the flaws have been in the chips for a couple of decades, making millions of systems vulnerable to attacks.

The design flaws were linked to the way the chips handle "speculative execution," a process done to increase the performance of a system by predicting the path of a particular task in order to find the fastest way to complete it. By exploiting the flaws, cybercriminals can access an operating system's kernel memory. (See Foreshadow-NG Vulnerability Sets Tech Giants Scrambling.)

Intel and others released fixes to the chips, but more variants of the vulnerabilities -- such as 3A, 4 and Foreshadow -- have cropped over the past few months, highlighting the difficulty in addressing the threats.

"Hardware vulnerabilities present a complicated problem for IT admins," the Trend Micro researchers wrote. "Since microprocessors from multiple vendors are affected and vulnerability fixes are released over an extended period, applying firmware patches across all affected devices is more difficult. In addition, some of the patches affect the system performance of older devices, compounding the impact on business operations."

The analysts also found a 30% increase in the number of reported vulnerabilities in supervisory control and data acquisition (SCADA) systems, with many related to human-machine interface software. This posed a threat to critical infrastructure, potentially exposing valuable data to attackers.

"Our data also indicates that more vendors were able to create patches or mitigation methods in time for the corresponding vulnerability announcements," they wrote. "While this is a welcome improvement, the sheer number of discovered vulnerabilities highlights why enterprises in critical infrastructure sectors should stay on top of SCADA software systems and invest in multilayered security solutions."

Related posts:

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9376
PUBLISHED: 2020-07-09
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-9377
PUBLISHED: 2020-07-09
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-5604
PUBLISHED: 2020-07-09
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remoto attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
CVE-2020-5974
PUBLISHED: 2020-07-08
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
CVE-2020-15072
PUBLISHED: 2020-07-08
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.