Cybercriminals Evolving Malware to Exploit Cryptocurrencies
Cybercriminals today seem to be more interested in developing new malware for cryptomining, according to a recent report.
The findings of the latest Global Threat Landscape Report by Fortinet reveal that cybercriminals today are more interested in hijacking systems and then using them for cryptomining rather than holding them to get ransom from the users. The report also says that the criminals are focused on evolving attack methods to ensure better success rates and to accelerate infections.
Here’s a look at the highlights of the Fortinet Global Threat Landscape Report:
Criminals evolving new methods to ensure better success rates- Cybercriminals are now improving their methods of using malware, intending to increase the speed and the scale of attacks. They also seek to exploit newly announced zero-day vulnerabilities. The first quarter of 2018 saw a drop of 13 percent in exploit detections per firm; at the same time, the number of unique exploit detections increased by over 11 percent. The report also says that 73% of companies experienced a severe exploit.
Cryptomining increases- The already prevalent trend of cryptojacking showed a spike, with cryptomining malware more than doubling compared to the previous quarter. It was a rise from 13 percent in the previous quarter to 28 percent. Cryptojacking was more prevalent in Latin America, the Middle East and Africa. Cybercriminals today create all kinds of diverse cryptomining malware, including stealthy fileless malware that injects code into browsers and largely escapes detection. The hackers who use cryptomining malware target different OSs and opt for all kinds of cryptocurrencies, such as Bitcoin, Dash and Monero. For cryptomining, they also fine-tune and adopt delivery and propagation techniques from other threats, so as to enhance success rates.
The Ransomware trend continues- Ransomware shows a notable increase in volume as well as sophistication. It continues to be a grave threat to all kinds of organizations across the globe. Moreover, ransomware is still evolving and is using new methods, such as social engineering and multi-stage attacks, so as to avoid being detected. The report also mentions the GandCrab ransomware, which made its appearance in January and was the first ransomware to require Dash cryptocurrency as the ransom payment. The first quarter of 2018 also saw two other ransomware variants, namely BlackRuby and SamSam, emerging as major threats.
Targeted attacks ensuring maximum impact- Cybercriminals came up with more targeted attacks, combining destructive malware with designer attacks. To make such targeted attacks possible, they would do sufficient reconnaissance on an organization in advance. This ensured better results for them. The trend is also to spread laterally after penetrating a network and before triggering the most destructive part of their planned attack. Recent examples of such targeted attacks with maximum results are the Olympic Destroyer malware and the SamSam ransomware.
Exploiting multiple attack vectors- Cybercriminals were exploiting multiple attack vectors. They would exploit known and unpatched vulnerabilities along with recently discovered zero-days, for better outcomes. The exploits mostly targeted Microsoft, while routers were also favored by the hackers. They also targeted Content Management Systems (CMS) and web-oriented technologies. Some of the top attacks targeted mobile devices as well, with 21 percent of organizations reporting mobile malware incidents; this was an increase of 7 percent compared to the previous quarter.
Increase in number of attacks against Operational Technology (OT)- There is an increase in the number of attacks against OT, though such attacks constitute just a small fraction of the overall attack landscape.
The findings of the Fortinet Global Threat Landscape Report demonstrate that to combat intelligent and automated threats, enterprises need an integrated, broad and automated security fabric as the main defense. A highly proactive security defense system is needed to combat today’s automated and AI-based attacks.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as security consultant while continuing to write for Hacker Combat in her limited spare time.