Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security //


// // //
08:05 AM
Jeffrey Burt
Jeffrey Burt
Jeffrey Burt

Trend Micro: Cryptomining, Data Breaches Highlight Busy 1H 2018

The rise of design flaws in processors from Intel and other chip-makers and the slowing down of ransomware were key trends in cybersecurity in the first six months of the year.

The first half of the year was marked by a sharp rise in the incidence of malware aimed at mining cryptocurrencies, the stubbornness of ransomware attacks, an increase in data breaches and vulnerabilities in most processors that have been around for a couple of decades. All of that could continue to send ripples throughout the tech industry in the years to come, according to a recent report released by researchers at Trend Micro.

The information in Trend Micro's Midyear Security Roundup 2018, released this week, falls in line with the trend other cybersecurity vendors have been seeing since late last year of cybercriminals moving away from ransomware and into cryptomining, a much less noisy form of cyberattack. (See PowerGhost Cryptomining Malware Targets Corporate Networks.)

"We also saw a noticeable shift away from highly visible ransomware to a more discreet detection: cryptocurrency mining," the authors wrote in the report. "There was also a rise in 'fileless' malware and other threats using nontraditional evasion techniques, as well as an increasing number of data breaches and social engineering email scams. These damaging threats -- from the miners that quietly leech power from victims' devices to the serious vulnerabilities that leave machines open to covert attacks -- split limited security resources and divide the focus of IT administrators."

jaydeep via Pixabay\r\n
jaydeep via Pixabay\r\n

The cybersecurity space in 2017 was marked by ransomware, as in such high-profile events as WannaCry and NotPetya. However, cryptomining began taking off late in the year, and incidents have skyrocketed in 2018. Mining cryptocurrencies like Bitcoin and Monero require a lot of compute power, and cryptomining malware enables bad actors to steal CPU cycles from victims' systems for their efforts.

Trend Micro researchers saw a 141% increase in cryptomining activity during the first six months of the year and detected 47 new miner malware families. They also noted a variety of techniques cybercriminals used to leverage their cryptomining efforts, from malvertising in Google's DoubleClick to the rise of the Necurs exploit kit.

"Unwanted cryptocurrency miners on a network can slow down performance, gradually wear down hardware, and consume power -- problems that are amplified in enterprise environments," they wrote. "IT admins have to keep an eye out for unusual network activity considering the stealthy but significant impact cryptocurrency mining can have on a system."

Ransomware didn't disappear, but it was obvious that cybercriminals had turned their attention to cryptomining and other attacks. There was only a 3% rise in ransomware activity detected by Trend Micro in the first half of the year and a 26% decrease in the number of new ransomware families found, compared to the second half of 2017. (See SamSam Ransomware Nears $6M Mark in Ill-Gotten Gains .)

The analysts said that the increased attention on ransomware from the publicity surrounding the attacks earlier in the year and the improvements in prevention and mitigation methods drove the decline in interest in launching ransomware campaigns among cybercriminals.

The Trend Micro report, relying on numbers from the Privacy Rights Clearinghouse, said there was a 16% increase in the number of reported data breaches in the US between the second half of 2017 and the first six months of this year. That number increased from 224 to 259. Also growing slightly was the number of incidents due to unintended disclosures, rather than hacking.

Fifteen of those were mega-breaches -- incidents where at least a million records were exposed. While the healthcare industry sustained the highest number of breaches, retailers and online merchants saw the largest number of mega-breaches. There also were at least nine incidents outside the US that could be judged mega-breaches.

The researchers noted that the pain sustained by companies hit by data breaches is growing. A mega-breach can cost companies as much as $350 million in damage and response efforts. Now countries are also beginning to institute regulations that carry heavy fines for those found to have improper data management policies. The European Union's General Data Protection Regulation (GDPR), which went into effect in May, is the best known of these regulations. The GDPR can reach as high as 4% of a company's global annual revenue.

Also high on the list of significant security issues were the Meltdown and Spectre vulnerabilities found in processors from the largest chip designers, including Intel, AMD, IBM and Arm. Complicating matters was the fact that the flaws have been in the chips for a couple of decades, making millions of systems vulnerable to attacks.

The design flaws were linked to the way the chips handle "speculative execution," a process done to increase the performance of a system by predicting the path of a particular task in order to find the fastest way to complete it. By exploiting the flaws, cybercriminals can access an operating system's kernel memory. (See Foreshadow-NG Vulnerability Sets Tech Giants Scrambling.)

Intel and others released fixes to the chips, but more variants of the vulnerabilities -- such as 3A, 4 and Foreshadow -- have cropped over the past few months, highlighting the difficulty in addressing the threats.

"Hardware vulnerabilities present a complicated problem for IT admins," the Trend Micro researchers wrote. "Since microprocessors from multiple vendors are affected and vulnerability fixes are released over an extended period, applying firmware patches across all affected devices is more difficult. In addition, some of the patches affect the system performance of older devices, compounding the impact on business operations."

The analysts also found a 30% increase in the number of reported vulnerabilities in supervisory control and data acquisition (SCADA) systems, with many related to human-machine interface software. This posed a threat to critical infrastructure, potentially exposing valuable data to attackers.

"Our data also indicates that more vendors were able to create patches or mitigation methods in time for the corresponding vulnerability announcements," they wrote. "While this is a welcome improvement, the sheer number of discovered vulnerabilities highlights why enterprises in critical infrastructure sectors should stay on top of SCADA software systems and invest in multilayered security solutions."

Related posts:

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...