Attacks/Breaches

Cryptojacking, Mobile Malware Growing Threats to the Enterprise

At the same time, criminal organizations continue to look for new ways to attack their victims.

If exploits and malware were stocks and bonds, the third quarter of 2018 would have been a bull market.

That's the broad takeaway from Fortinet's Q3 2018 "Global Threat Landscape Report," which found malware, exploits, and threats all on the increase. From July through September, unique malware variants grew 43%, while the number of malware families grew by nearly 32%.

Despite those numbers, Anthony Giandomenico, senior security strategist/researcher at FortiGuard Labs, says cryptojacking is one of the more serious threats he's seeing. Giandomenico realizes that many researchers view crypto-jacking as more of an annoyance, but he sees two problems with that view. 

"First, it got into your network. Next, a lot of crypto-jacking malware is bringing down your antimalware software, breaking holes in your firewall, communicating with C&C, and doing other malicious things," he explains.

In addition, "malware stuffing" will be a bigger problem as time goes on, he says. "You see crypto-jacking bundled with ransomware and other malware," Giandomenico says. "I think we'll see this loaded with other malware in the future." The reason for his view is simple: Crypto-jacking may not raise much in the way of revenue, but it's free money, adding a little bit to the criminal's coffers every day until it's discovered.

Another threat with rising impact is mobile malware. "A lot of the bad guys realize that the mobile device in users' hands is a computer just like the one at home or at work. Users let their guard down, and the bad guys are capitalizing on that," he says. The increase in mobile malware can be seen in obvious ways — for example, of the threats organizations faced from all attack vectors, 14% of total malware alerts were Android-related — and in ways that are more subtle.

"Some of the targeted spear-phishing attacks will wait until lunchtime, when the victim will be at lunch, on their mobile phone. Then they'll get the message that looks like it's from a trusted source," Giandomenico says, explaining that it can be much more difficult to fully vet an email message on a small mobile screen than on the screen attached to a desktop computer.

One piece of potentially positive news is that the percentage of encrypted network traffic continues to rise, hitting 72% in the third quarter, up from 55% a year earlier. While encryption makes legitimate traffic harder to intercept and steal, it also makes malicious traffic more difficult to analyze and block. Giandomenico says he's not terribly worried about the latter. "I think more organizations will leverage analytics and machine learning to detect problems in the traffic without getting inside the traffic itself," he adds.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20735
PUBLISHED: 2019-01-17
** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only...
CVE-2019-0624
PUBLISHED: 2019-01-17
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
CVE-2019-0646
PUBLISHED: 2019-01-17
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
CVE-2019-0647
PUBLISHED: 2019-01-17
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
CVE-2018-20727
PUBLISHED: 2019-01-17
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.