Cyber criminals who have been employing ransomware to make money are now shifting their interest to cryptojacking, or cryptocurrency mining, as an alternative revenue source because of rising cryptocurrency values. As a result, detections of coinminer activity on endpoint computers ballooned to 1.7 million at the end of 2017, an increase of 8,500% from 20,000 in January 2017, according to Symantec’s Internet Security Threat Report Volume 23.
Attackers are using coinminers to steal computer processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. Infected devices slow down and consume more energy, putting organizations’ networks at risk of shutdown and increasing cloud CPU usage. In terms of cryptomining activities, the Philippines ranks 11th in the Asia-Pacific and Japan region and 35th globally.
“Cryptojacking is a rising threat to cyber and personal security,” said David Rajoo, director of Systems Engineering, Malaysia, Indonesia and the Philippines at Symantec. “The massive profit incentive puts people, devices and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”
The main motivation for criminals to favor cryptocurrency for their attacks is that they can make money more easily. Rajoo explained that through cryptojacking, you don’t need to directly infect the users or hold them for ransom. You try to infect a particular website, inject the script, wait for users to come to the site, and make money from them by having the coin mining script running.
Another reason cyber criminals are moving away from ransomware is that the ransomware space is getting too competitive. “All hackers are going after the same set of users trying to infect them. It becomes too crowded, too competitive and the pricing they are asking for is too high for them to make money. I think they are moving away to look at methods of making money, which is cryptocurrency,” said Rajoo.
Although cryptojacking is now becoming popular, Rajoo said it won’t completely replace ransomware. “Both will still continue to run. Ransomware has stifled off a price point where users are willing to pay and that is still money. Cryptojacking is the new thing now. It’s easier to infect users. You don’t need any sophisticated programming skills to infect them,” said Rajoo.
Rajoo, however, noted that there are some instances where cryptomining activities are not malicious but can still be troublesome. “Although not malicious, they can be dangerous because at any point in time, they can change the code and make the malware become malicious.”
The Symantec ISTR also revealed that while attackers’ interest in cryptocurrencies is growing, ransomware families are becoming fewer and ransom demands lower. The average ransom demand declined to $522 last year, while ransomware variants rose 46%, indicating criminal groups are still quite productive but are innovating less. In 2017, the Philippines ranked 20th globally in terms of ransomware threats.
Mobile malware, on the other hand, continued to rise in 2017, with new mobile variants growing 54%, from 17,000 in 2016 to 27,000 last year, and an average of 24,000 malicious mobile applications blocked each day. The problem was aggravated by the continued use of older operating systems; on Android, for example, only 20% of devices are running the newest version.
Symantec claims there was an increase in hackers injecting malware implants into the supply chain in 2017, with a 200% hike in these attacks. This is equivalent to one attack every month in 2017, compared with four attacks the previous year. In this type of attack, hackers gain an entry point for compromising networks and use a variety of methods to spread across corporate networks and deploy their malicious payload.
In terms of infection vector, spear phishing is the most popular, employed by 71% of 140 targeted attack groups in 2017, while the use of zero-day vulnerabilities continues to drop.
As the 2018 Symantec threat report warns of a rise in cyber attacks in the Philippines, where the consequences can be severe, the security firm offers best practices to protect businesses and consumers against threats.
For businesses, the following practices are recommended: use advanced threat intelligence solutions to help find indicators of compromise and respond faster to incidents; ensure the security framework is optimized, measurable and repeatable; implement a multi-layered defense; provide training about malicious email; and monitor resources and networks for abnormal and suspicious behavior.
Consumers, on the other hand, are advised to change default passwords on their devices and services to strong and unique ones; keep operating systems and software up to date; be extra careful with emails; and back up files.