Cryptomining, not ransomware, the top malware threat so far this year

Cryptominer-based attacks increased, while ransomware-based attacks decreased in Q1 2018, according to Comodo Cybersecurity Threat Research Labs.

Cryptominer-based attacks, not ransomware-based attacks, have been the top threat so far this year, according to Comodo Cybersecurity Threat Research Labs’ Q1 Global Malware Report.

In the first three months of 2018, Comodo said it “detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10 percent share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42 percent decrease.”

If you get whacked with ransomware, you’ll know it when everything locks up and the ransom demand is staring back at you from the screen. But not everyone realizes what is happening when they surf to a site that attackers have set up to covertly install a cryptominer, which uses their PC’s resources to mine for cryptocurrency.

One reason why cyber thugs are favoring cryptominers over ransomware, Comodo suggested, is that ransomware attacks aren't working as well as they used to. Companies took anti-ransomware measures after ransomware dominated headlines in 2017, which made it more challenging for ransomware attacks to succeed.

But the biggest reason is the high value of cryptocurrencies. Unlike a ransom demand that may or may not be paid, cryptominers continue to pay out.

When it comes to digital currency, cyber crooks prefer to mine Monero over bitcoin. One reason: Bitcoin mining is resource-intensive, transactions can be tracked, and bitcoin wallets can be blocked or blacklisted. Monero, however, cannot be tracked, blacklisted, or traced to a specific person. Also, Monero blocks can be produced every two minutes, while Bitcoin blocks can be produced on an average of every 10 minutes. So, mining Monero provides “more frequent opportunities to attack.”

Yet Comodo believes that as more cybersecurity vendors develop better techniques to fight cryptominers, cyber criminals will go back to ransomware. “We expect a resurgence,” it said.

Other findings from Comodo's malware report

Comodo’s Q1 global malware report also highlighted the development of more sophisticated and dangerous password stealers, such as new variants of Pony Stealer.

“Now it’s able to steal data from a wider application range,” it said of Pony Stealer in the report. As for FTP clients, for example, there are now 44 targeted applications. Pony can also target 36 cryptocurrency wallets. “It also covers its traces, so victims remain unaware they have been compromised.”

So far, 2018 has included a geopolitical intelligence malware trend – malware detections that correspond with current events around the world. In Q1 2018, Comodo discovered 18 distinct malware types within 241 country code domains.

“Malware, like cyberspace itself, is merely a reflection of traditional, ‘real-world’ human affairs, and malware is always written for a purpose, whether it’s crime, espionage, terrorism or war,” said Dr. Kenneth Geers, chief research scientist at Comodo Cybersecurity. “Criminals’ proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them.”
