Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Cryptojacking, Mobile Malware Growing Threats to the Enterprise

At the same time, criminal organizations continue to look for new ways to attack their victims.

If exploits and malware were stocks and bonds, the third quarter of 2018 would have been a bull market.

That's the broad takeaway from Fortinet's Q3 2018 "Global Threat Landscape Report," which found malware, exploits, and threats all on the increase. From July through September, unique malware variants grew 43%, while the number of malware families grew by nearly 32%.

Despite those numbers, Anthony Giandomenico, senior security strategist/researcher at FortiGuard Labs, says cryptojacking is one of the more serious threats he's seeing. Giandomenico realizes that many researchers view crypto-jacking as more of an annoyance, but he sees two problems with that view. 

"First, it got into your network. Next, a lot of crypto-jacking malware is bringing down your antimalware software, breaking holes in your firewall, communicating with C&C, and doing other malicious things," he explains.

In addition, "malware stuffing" will be a bigger problem as time goes on, he says. "You see crypto-jacking bundled with ransomware and other malware," Giandomenico says. "I think we'll see this loaded with other malware in the future." The reason for his view is simple: Crypto-jacking may not raise much in the way of revenue, but it's free money, adding a little bit to the criminal's coffers every day until it's discovered.

Another threat with rising impact is mobile malware. "A lot of the bad guys realize that the mobile device in users' hands is a computer just like the one at home or at work. Users let their guard down, and the bad guys are capitalizing on that," he says. The increase in mobile malware can be seen in obvious ways — for example, of the threats organizations faced from all attack vectors, 14% of total malware alerts were Android-related — and in ways that are more subtle.

"Some of the targeted spear-phishing attacks will wait until lunchtime, when the victim will be at lunch, on their mobile phone. Then they'll get the message that looks like it's from a trusted source," Giandomenico says, explaining that it can be much more difficult to fully vet an email message on a small mobile screen than on the screen attached to a desktop computer.

One piece of potentially positive news is that the percentage of encrypted network traffic continues to rise, hitting 72% in the third quarter, up from 55% a year earlier. While encryption makes legitimate traffic harder to intercept and steal, it also makes malicious traffic more difficult to analyze and block. Giandomenico says he's not terribly worried about the latter. "I think more organizations will leverage analytics and machine learning to detect problems in the traffic without getting inside the traffic itself," he adds.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17489
PUBLISHED: 2020-08-11
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible f...
CVE-2020-17495
PUBLISHED: 2020-08-11
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
CVE-2020-0260
PUBLISHED: 2020-08-11
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183
CVE-2020-16170
PUBLISHED: 2020-08-11
The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded credentials.
CVE-2020-17487
PUBLISHED: 2020-08-11
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.