December 2017: Crypto-Mining Malware Impacts 55% of Businesses
Half a month into the new year, let’s look back at the last month of 2017.
December 2017, like every other month of 2017, was eventful in terms of cyber security incidents. Studies have shown that crypto-miners rose steeply during December and affected almost 55% of all businesses worldwide.
Crypto-mining malware, as we know, is used by cyber criminals to hijack a system’s CPU or GPU power and then use those resources for cryptocurrency mining.
The trend was revealed by the Check Point Research Team in a report based on Check Point’s Global Threat Index. The report, published as a post on the Check Point blog, says: “During the month of December 2017, crypto-mining malware rapidly rose in Check Point’s Global Threat Index’s top ten most prevalent malware.”
Two different variants of crypto-mining malware featured in Check Point’s top three list of malware for December 2017, and there were ten different variants in the top 100. The Check Point blog states: “Check Point researchers found that crypto-miners managed to impact 55% of organizations globally, with two variants in the top three list of malware and ten different variants in the expanded top 100. In December, the crypto-miner Coinhive replaced RoughTed as the most prevalent threat, while the Rig ek exploit kit maintained its position in second. Another new entry to the top ten, the crypto-miner Cryptoloot is in third.”
The cyber criminals behind this injected crypto-mining malware into many leading websites, especially media streaming and file sharing services. The Check Point research team reveals: “Check Point found that cryptocurrency miners have intentionally been injected into some top websites, mostly media streaming and file sharing services, without notifying the users. While some of this activity is legal and legitimate, the tools can be hacked to dominate more power and generate more revenue, using as much as 65% of the end-users’ CPU power.”
The researchers at Check Point also point out that crypto-miners have opened up new revenue opportunities for websites at a time when users are successfully avoiding pop-up and banner ads with blocking software. The Check Point blog post says: “Ad-blocking software, stemming from users losing patience with excessive pop-up and banner advertisements, has been slashing many websites’ advertising revenue. Those websites are turning to crypto-miners as a new source of revenue – often without the knowledge or permission of the visitors to the website.” The blog further says: “Similarly, threat actors are turning to crypto-mining malware as a new way to make money – illegitimately gaining access to the users’ CPU power to mine for their own crypto currency – making it even likelier that we’ll see this trend gain steam over the coming months.”
Check Point has also published the list of the top 10 malware for December 2017, which indicates how the position of each malware changed compared to November 2017. The list has the crypto-miners Coinhive and Cryptoloot in first and third position respectively. The others are Rig ek (2nd), Roughted (4th), Fireball (5th), Globeimposter (6th), Ramnit (7th), Virut (8th), Conficker (9th) and Rocks (10th).
On the Android operating system, Triada continues to be the most popular malware. The Check Point blog post states: “Triada, a modular backdoor for Android, continues to be the most popular malware used to attack organizations’ mobile estates followed by the Lokibot and Lotoor.”
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.