The incidence of cryptocurrency mining malware continues to skyrocket as the bad guys refocus their efforts away from ransomware in favor of the easy money that cryptocurrency offers them. The latest evidence of the trend came by way of a new report, released earlier this week, that examined attack data for the first half of 2018.
Cryptojacking numbers dominated the report's highlights, as researchers from Trend Micro showed that the volume of cryptomining attacks for the first half of the year was almost double the number of similar attacks during all of 2017. Comparing like-for-like, the cryptocurrency mining detections increased more than ninefold in the first half of 2018 compared with the first half of 2017. Meantime, the number of ransomware families declined 26% in this year's first half compared with the second half of last year. In addition, ransomware growth slowed considerably, only inching forward by about 3% from the first half of the year compared with the last half of 2017
"The recent change in the threat landscape mirrors what we've seen for years – cybercriminals will constantly shift their tools, tactics, and procedures to improve their infection rates,” said Jon Clay, director of global threat communications for Trend Micro, in a statement.
Meantime, the report showed that unusual malware types, such as fileless, small-file, and macro malware, are all seeing significant upticks. This corresponds to a different report out this week from SentinelOne that shows fileless attacks rose 94% in the first half of 2018.
And, in fact, the trends of fileless malware and cryptocurrency mining malware have been seen to cross over as of late.
Late last month, researchers with Kaspersky reported the growing prevalence of PowerGhost, a fileless malware family that preys on corporate networks to siphon their machines' compute power. As they explained, PowerGhost creators combine the cryptojacking capability of any other malicious miner with the super stealthy characteristics of a fileless malware.
Like any miner, PowerGhost uses your computing resources to generate cryptocurrency. This reduces server and other device performance, as well as significantly accelerates wear and tear, which leads to replacement costs.
However, compared with most such programs, PowerGhost is more difficult to detect because it doesn't download malicious files to the device.
Some experts believe we will see more cryptomining botnets trending in this direction, as corporate systems and networks tend to offer attacker a veritable open buffet of compute power once they can find a way to ingratiate their malware onto machines.
"The latest PowerGhost malware shows there is renewed interest in creating botnets from enterprise workstations and servers," explained Sean Newman, director of product management at Corero Network Security, earlier this month.
He said this is in contrast to a lot of recent botnet attack activity around IoT devices. "With the significantly higher-powered CPUs in these devices, compared to IoT, it's not surprising that they are now the target for compute-intensive cryptomining activities," he added.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio