
08:05 AM
Jeffrey Burt

Trend Micro: Cryptomining, Data Breaches Highlight Busy 1H 2018

The disclosure of design flaws in processors from Intel and other chip-makers, and a slowdown in ransomware, were among the key cybersecurity trends of the first six months of the year.

The first half of the year was marked by a sharp rise in malware that mines cryptocurrencies, the persistence of ransomware attacks, an increase in data breaches, and the disclosure of vulnerabilities that have been present in most processors for about two decades. All of this could send ripples through the tech industry for years to come, according to a recent report from researchers at Trend Micro.

The information in Trend Micro's Midyear Security Roundup 2018, released this week, falls in line with the trend other cybersecurity vendors have been seeing since late last year of cybercriminals moving away from ransomware and into cryptomining, a much less noisy form of cyberattack. (See PowerGhost Cryptomining Malware Targets Corporate Networks.)

"We also saw a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining," the authors wrote in the report. "There was also a rise in 'fileless' malware and other threats using nontraditional evasion techniques, as well as an increasing number of data breaches and social engineering email scams. These damaging threats -- from the miners that quietly leech power from victims' devices to the serious vulnerabilities that leave machines open to covert attacks -- split limited security resources and divide the focus of IT administrators."

Image: jaydeep via Pixabay

The cybersecurity landscape in 2017 was defined by ransomware, in such high-profile events as WannaCry and NotPetya. Cryptomining, however, began taking off late that year, and incidents have skyrocketed in 2018. Mining cryptocurrencies such as Bitcoin and Monero requires a great deal of compute power, and cryptomining malware lets attackers steal CPU cycles from victims' systems to do that work for them.

Trend Micro researchers saw a 141% increase in cryptomining activity during the first six months of the year and detected 47 new miner malware families. They also noted a variety of techniques cybercriminals used to deliver miners, from malvertising through Google's DoubleClick to growing use of the Necurs botnet.

"Unwanted cryptocurrency miners on a network can slow down performance, gradually wear down hardware, and consume power -- problems that are amplified in enterprise environments," they wrote. "IT admins have to keep an eye out for unusual network activity considering the stealthy but significant impact cryptocurrency mining can have on a system."
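Trend Micro's advice to watch for unusual network activity can be made concrete. The script below is an added example written for this page, not code from Trend Micro's report or from the article: it scans a simplified connection log for the Stratum JSON-RPC handshake that pool miners send on connect (Bitcoin-style `mining.subscribe`/`mining.authorize`, XMRig-style `login` with an `agent` field). The log format, the pool-port list, the miner-agent regex and the sample lines are this example's own assumptions, and the sample log is constructed, not captured traffic.

```python
"""Flag Stratum mining-pool traffic in a connection log.

Added example for this page; not code from Trend Micro's report or the
article. Pool miners speak Stratum, a line-oriented JSON-RPC protocol:
Bitcoin-style clients open with "mining.subscribe" / "mining.authorize",
XMRig-style Monero clients open with a "login" carrying an "agent" field.
Assumptions: the simplified log format (timestamp src dst:port payload),
the pool-port list and the miner-agent regex are this example's own.
"""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Stratum method names seen in the first client messages (assumed list).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "login", "submit"}
# Substrings of common miner user-agents (assumed; extend from your own telemetry).
MINER_AGENT_RE = re.compile(r"xmrig|xmr-stak|cpuminer|minerd|ethminer|claymore", re.I)
# Ports commonly used by public pools; a port alone is only a weak indicator.
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 9999, 14444, 14433}

# Constructed log line shape: "<ts> <src> <dst>:<port> <first payload bytes>"
LOG_LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+):(?P<port>\d+) (?P<payload>.*)$")


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    reason: str


def classify_payload(payload: str) -> Optional[str]:
    """Return a reason string if the payload is a Stratum client message, else None."""
    payload = payload.strip()
    if not payload.startswith("{"):
        return None
    try:
        msg = json.loads(payload)
    except json.JSONDecodeError:
        return None
    if not isinstance(msg, dict) or msg.get("method") not in STRATUM_METHODS:
        return None
    method = msg["method"]
    params = msg.get("params")
    agent = None
    if isinstance(params, dict):  # XMRig-style: {"login": ..., "pass": ..., "agent": ...}
        agent = params.get("agent")
    elif method == "mining.subscribe" and isinstance(params, list) and params:
        agent = params[0] if isinstance(params[0], str) else None  # bitcoin-style: params[0] is the client agent
    if agent and MINER_AGENT_RE.search(agent):
        return f"stratum {method} from known miner agent {agent!r}"
    return f"stratum method {method}"


def scan(lines) -> List[Alert]:
    """Run the detection over log lines; strong hits come from payload, weak hits from port."""
    alerts = []
    for line in lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        port = int(m["port"])
        reason = classify_payload(m["payload"])
        if reason is None and port in POOL_PORTS:
            reason = f"connection to common pool port {port} (weak indicator, confirm payload)"
        if reason:
            alerts.append(Alert(m["ts"], m["src"], f"{m['dst']}:{port}", reason))
    return alerts


# Constructed sample log (RFC 5737 test addresses); not real traffic.
SAMPLE_LOG = [
    "2018-06-12T09:14:03Z 10.0.4.17 203.0.113.5:443 GET /index.html HTTP/1.1",
    '2018-06-12T09:14:08Z 10.0.4.17 198.51.100.20:3333 {"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.0"]}',
    '2018-06-12T09:14:09Z 10.0.4.17 198.51.100.20:3333 {"id":2,"method":"mining.authorize","params":["worker1","x"]}',
    '2018-06-12T09:20:41Z 10.0.4.23 198.51.100.77:14444 {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"XMRig/2.6.2"}}',
    "2018-06-12T09:21:00Z 10.0.4.30 192.0.2.9:5555 HELO mail.example.org",
    '2018-06-12T09:21:02Z 10.0.4.30 192.0.2.9:25 {"method":"ping"}',
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} {a.src} -> {a.dst}: {a.reason}")
```

On the constructed sample this yields two strong hits from miner user-agents, one from a bare `mining.authorize`, and one port-only hit on 5555 that needs payload confirmation; the SMTP `HELO` on that port shows why port alone should never page anyone. Miners that tunnel Stratum over TLS or HTTP proxies will not show a cleartext handshake, so pair this with host-side CPU telemetry.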

Ransomware didn't disappear, but it was obvious that cybercriminals had turned their attention to cryptomining and other attacks. There was only a 3% rise in ransomware activity detected by Trend Micro in the first half of the year and a 26% decrease in the number of new ransomware families found, compared to the second half of 2017. (See SamSam Ransomware Nears $6M Mark in Ill-Gotten Gains.)

The analysts attributed the decline in cybercriminals' interest in launching ransomware campaigns to the heightened attention the 2017 attacks drew and to improvements in prevention and mitigation methods.

The Trend Micro report, relying on numbers from the Privacy Rights Clearinghouse, said there was a 16% increase in the number of reported data breaches in the US between the second half of 2017 and the first six months of this year. That number increased from 224 to 259. Also growing slightly was the number of incidents due to unintended disclosures, rather than hacking.

Fifteen of those were mega-breaches -- incidents where at least a million records were exposed. While the healthcare industry sustained the highest number of breaches, retailers and online merchants saw the largest number of mega-breaches. There also were at least nine incidents outside the US that could be judged mega-breaches.

The researchers noted that the pain sustained by companies hit by data breaches is growing. A mega-breach can cost a company as much as $350 million in damage and response efforts. Countries are also beginning to institute regulations that carry heavy fines for organizations found to have improper data management practices. The European Union's General Data Protection Regulation (GDPR), which took effect in May, is the best known of these. Fines under the GDPR can reach 4% of a company's global annual turnover or €20 million, whichever is higher.

Also high on the list of significant security issues were the Meltdown and Spectre vulnerabilities, found in processors from the largest chip designers, including Intel, AMD, IBM and Arm (Meltdown mainly affects Intel parts, along with some Arm and IBM designs; Spectre affects essentially every vendor's speculative, out-of-order cores). Complicating matters, the flaws have been present in shipping chips for roughly two decades, leaving millions of systems exposed.

The flaws stem from the way the chips handle speculative execution, a performance technique in which the processor guesses the outcome of a branch and runs instructions past it before the outcome is known, discarding the results if the guess was wrong. The discarded work still leaves traces in the CPU cache, and an attacker who times cache accesses can recover data from memory that should be off limits: with Meltdown, unprivileged code can read the operating system's kernel memory, and with Spectre, victim code can be induced to leak its own secrets across process or sandbox boundaries. (See Foreshadow-NG Vulnerability Sets Tech Giants Scrambling.)

Intel and others released microcode updates, alongside operating-system and compiler changes, but further variants, such as 3a (Rogue System Register Read), 4 (Speculative Store Bypass) and Foreshadow (L1 Terminal Fault), have cropped up over the past few months, highlighting the difficulty of addressing the threat.

"Hardware vulnerabilities present a complicated problem for IT admins," the Trend Micro researchers wrote. "Since microprocessors from multiple vendors are affected and vulnerability fixes are released over an extended period, applying firmware patches across all affected devices is more difficult. In addition, some of the patches affect the system performance of older devices, compounding the impact on business operations."
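Because the fixes arrive piecemeal (a kernel update here, a microcode update there, a new variant with its own status a few months later), the check a practitioner wants is a per-host inventory of which issues are actually mitigated. On Linux the kernel publishes that itself: since 4.15 there is one file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2; spec_store_bypass from 4.17; l1tf from 4.19, plus distribution backports), each reading "Not affected", "Vulnerable[: detail]" or "Mitigation: <name>". The script below is an added example for this page, not from Trend Micro's report; the fleet snapshot it triages is constructed sample data, and the host names and the classify()/triage() helpers are this example's own.

```python
"""Inventory speculative-execution mitigation status across Linux hosts.

Added example for this page, not from Trend Micro's report. Since kernel
4.15 Linux exposes one file per issue under
/sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2;
spec_store_bypass from 4.17; l1tf from 4.19, plus distro backports), each
holding "Not affected", "Vulnerable[: detail]" or "Mitigation: <name>".
The FLEET snapshot, host names and the classify()/triage() helpers are
this example's own; read_host() shows the live collection step.
"""
import os
from typing import Dict, List, Optional, Tuple

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
# Issues a patched 2018-era kernel is expected to report (assumed baseline).
EXPECTED_ISSUES = ("meltdown", "spectre_v1", "spectre_v2", "spec_store_bypass", "l1tf")


def read_host(path: str = SYSFS_DIR) -> Dict[str, str]:
    """Collect {issue: raw status} from a live Linux host; {} if sysfs lacks the directory."""
    if not os.path.isdir(path):
        return {}
    status = {}
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name), encoding="ascii", errors="replace") as fh:
            status[name] = fh.read().strip()
    return status


def classify(raw: Optional[str]) -> str:
    """Map sysfs text to not_affected | mitigated | vulnerable | unknown."""
    if raw is None:
        return "unknown"  # kernel predates the check: treat as unverified, not as safe
    text = raw.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def triage(fleet: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, issue, state) for every host/issue that is vulnerable or unknown."""
    findings = []
    for host, issues in sorted(fleet.items()):
        for issue in EXPECTED_ISSUES:
            state = classify(issues.get(issue))
            if state in ("vulnerable", "unknown"):
                findings.append((host, issue, state))
    return findings


# Constructed snapshot, shaped like read_host() output per host; not a real inventory.
FLEET = {
    "web-01": {
        "meltdown": "Mitigation: PTI",
        "spectre_v1": "Mitigation: __user pointer sanitization",
        "spectre_v2": "Mitigation: Full generic retpoline, IBPB, IBRS_FW",
        "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
        "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    },
    "db-02": {
        "meltdown": "Mitigation: PTI",
        "spectre_v1": "Mitigation: __user pointer sanitization",
        "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",  # compiler lacks retpoline support
        "spec_store_bypass": "Vulnerable",  # microcode not yet updated
        "l1tf": "Mitigation: PTE Inversion; VMX: SMT vulnerable, L1D conditional cache flushes",
    },
    "legacy-03": {  # older kernel: only the original three files exist
        "meltdown": "Vulnerable",
        "spectre_v1": "Mitigation: __user pointer sanitization",
        "spectre_v2": "Vulnerable",
    },
}

if __name__ == "__main__":
    live = read_host()
    if live:
        print("this host:", {k: classify(v) for k, v in live.items()})
    for host, issue, state in triage(FLEET):
        print(f"{host:10s} {issue:18s} {state}")
```

Two caveats when reading the output: a missing file is reported as unknown rather than safe, because a kernel that predates a variant cannot vouch for it; and a line that starts with "Mitigation:" can still carry a qualifier such as "SMT vulnerable" for L1TF on virtualization hosts, so feed the raw text, not just the coarse state, into whatever ticketing the result lands in.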

The analysts also found a 30% increase in the number of reported vulnerabilities in supervisory control and data acquisition (SCADA) systems, with many related to human-machine interface software. This posed a threat to critical infrastructure, potentially exposing valuable data to attackers.

"Our data also indicates that more vendors were able to create patches or mitigation methods in time for the corresponding vulnerability announcements," they wrote. "While this is a welcome improvement, the sheer number of discovered vulnerabilities highlights why enterprises in critical infrastructure sectors should stay on top of SCADA software systems and invest in multilayered security solutions."


— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
