The findings of the recent “Cyber Attack Trends: 2018 Mid-Year Report” released by Check Point reveal that the number of organizations impacted by cryptomining malware has doubled from 20.5% in H2 2017 to 42% in H1 2018. The report also shows that hackers are increasingly targeting cloud infrastructures as indicated by the growth in sophisticated Gen V attacks on cloud infrastructures.
Cybercriminals are aggressively targeting organizations using cryptomining malware to develop illegal revenue streams. Cryptomining malware enables cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-user’s CPU power.
In another finding, the study indicates an increase in the number of attacks that target cloud infrastructures. With organizations moving more of their IT estates and data to cloud environments, criminals are turning to the cloud to exploit its vast computational power and multiply their profits.
According to Maya Horowitz, Threat Intelligence Group Manager at Check Point, “The first half of this year saw criminals continue the trend we observed at the end of 2017, and take full advantage of stealthy crypto mining malware to maximize their revenues. We’ve also seen increasingly sophisticated attacks against cloud infrastructures and multi-platform environments emerging. These multi-vector, fast-moving, large-scale Gen V attacks are becoming more and more frequent, and organizations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.”
Key Malware Trends in H1 2018
- Cryptocurrency Miners Evolve – In 2018, cryptominers have been upgraded with vastly improved capabilities, becoming more sophisticated and even destructive. Motivated by a clear interest in increasing the percentage of computational resources leveraged and being even more profitable, cryptominers today target anything that could be perceived as being in their way. Cryptominers have also evolved considerably of late to exploit high-profile vulnerabilities and to evade sandboxes and security products in order to expand their infection rates.
- Hackers Move to the Cloud – So far this year, there have been a number of sophisticated techniques and tools exploited against cloud storage services. Several cloud-based attacks, mainly those involving data exfiltration and information disclosure, derived from poor security practices, including credentials left available on public source code repositories or the use of weak passwords. Cryptominers are also targeting cloud infrastructures to exploit their computational power and multiply profits for threat actors.
- Multi-platform Attacks on the Rise – Up until the end of 2017, multi-platform malware was rare. However, the rise in the number of consumer connected devices and the growing market share of non-Windows operating systems has led to an increase in cross-platform malware. Campaign operators implement various techniques in order to take control over the campaigns’ different infected platforms.
- Mobile Malware Spread via the Supply Chain – In the first half of this year, there have been several incidents in which mobile malware was not downloaded from a malicious URL, but instead arrived already installed on the device. In addition, there was an increase in applications readily available on app stores that were actually malware in disguise, including Banking Trojans, Adware and sophisticated remote access Trojans (RATs).