Crypto-miner malware overtakes ransomware as the biggest security threat

20 Apr 2018

Monero is the cryptocurrency of choice for cyber-criminals of late. Image: Wit Oslewski/Shutterstock

Cyber-criminals are finding more efficient ways to make money, according to new reports.

A growing trend in the cybersecurity realm in 2018 is the emergence of cryptocurrency-mining malware as a method of extracting money from unsuspecting internet users.

Cryptocurrency-mining malware on the up

While ransomware attacks were a major attack vector even as recently as late 2017, new reports show that cryptocurrency-mining malware incidents have raced to the top of detected events in Q1 2018.

A Comodo Cybersecurity report released at RSA Conference 2018 shows the sheer volume of recorded crypto-mining incidents in the first quarter of the year. Comodo said it detected 28.9m incidents out of a total of 300m malware detections.

There are also many more variants of cryptocurrency-mining malware: the count rose from 93,750 in January to 127,000 in March. In contrast, the number of new ransomware variants fell from 124,320 in January to just 71,540 in March, a 42pc decrease.

Timing attacks with geopolitical events

Kenneth Geers, senior research scientist at Comodo, said: “Criminals’ proclivities to steal money more efficiently were evident with the surge in crypto-mining.

“And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them.”

Comodo said: “Unlike the one-and-done nature of ransomware – and the semi-custom nature of each target’s variant – crypto-miners … persist in infected machines or websites because they are often either unnoticed or tolerated by users, who find a performance impact more acceptable than dealing with the issue.”

Another report from Check Point also examined the rapid rise of crypto-mining malware among cyber-criminals. Besides slowing down user PCs and servers, these types of malware can spread laterally once inside the network, presenting a major security threat for organisations and enterprises.

For the fourth consecutive month, Coinhive crypto-mining malware retained its spot at the top of Check Point’s most-wanted list, impacting 18pc of organisations. Other miners included in the list were: Rig Ek, Cryptoloot and JSEcoin.

Criminals using these mining malware variants are also becoming more sophisticated in their methods. A report by Kaspersky Lab from March 2018 showed how a gang made $7m using computers belonging to 10,000 unsuspecting infected users.

The decline of ransomware doesn’t look likely to be permanent, though, as it may just take some time for ransomware to evolve and adapt to the defence systems of the targeted organisations and enterprises.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects
