A first quarter look at cybercrime

What did we learn about cybercrime in the first quarter of 2018? Malicious cryptomining has taken over and it’s leaving all other malware families behind.


There’s no question 2017 was a banner year for malware—especially ransomware. 2017 saw major advances in the efficacy of this type of attack—with headlines covering the outbreak of WannaCry, NotPetya and Bad Rabbit. But for those of us that thought 2018 would hold more of the same, the first quarter of the year has been a bit of a surprise.

It’s true that there’s been less buzz about giant data breaches, massive outbreaks and noteworthy attacks in the early months of 2018, but cybercrime and malware have by no means gone away.

Each quarter, Malwarebytes produces an in-depth report analyzing the latest cybercrime tactics and techniques. The data in the report is a combination of intel and statistics gathered from the company’s intelligence, research, and data science teams along with telemetry from both consumer and business products, which are deployed on millions of machines.

So, where are the bad guys focusing? Here’s a quick look at some of the top cybercrime findings from January to March of 2018.

The new kid in town… cryptomining

The phenomenal rise of Bitcoin towards the end of the year, combined with the launch of CoinHive’s new service that allowed Monero currency to be mined directly within a web browser, created a new wave of malware that quickly overtook other, more popular attacks in terms of volume. Not surprisingly, detections of cryptomining malware for businesses increased by 27 percent over last quarter, bringing it up to the second-highest overall threat detection for businesses this quarter.

Not to be outdone by their desktop-based counterparts, Android miners experienced an even more dramatic surge, with nearly 40 times more detections in early 2018 compared to the end of last year—a nearly 4,000 percent increase!

Overall, malicious cryptomining led all other malware families from January through March 2018. From drive-by mining attacks via browser to scams meant to drain users’ cryptowallets, cybercriminals are taking every opportunity to exploit the rising value and popularity of Bitcoin and other cryptocurrencies.

Ransomware is dead, long live ransomware

While it’s true that cryptomining took over during the beginning of the year, it certainly wasn’t the only game in town. Bad actors continued to experiment with ransomware development and distribution, and although both January and February were especially low for consumer ransomware detections (35 percent drop from the previous quarter), business ransomware detections increased 28 percent from the previous quarter—a sign that may point to renewed interest in this attack method.

Both Locky and Cerber, once rulers of the ransomware market, are effectively out of the game for the time being; the most interesting examples of active ransomware in Q1 came in the form of GandCrab, Scarabey and Hermes.

The constant creepers: spyware and adware

Although not as widely covered in the cybersecurity landscape, spyware and adware continue to be among the most persistent threats plaguing both consumers and businesses today.

While adware was one of the top threats for businesses and consumers in the fourth quarter of 2017, we saw a general decline in detections toward the end of the year, continuing into 2018. Despite the drop, however, adware remained the number one ranked threat to consumers.

On the flipside, spyware became the number one detection for businesses this quarter—an increase of 56 percent from the previous quarter—with January being the most heavily detected month. The spike is most likely due to a malspam campaign delivering the Emotet spyware.

Scammers capitalize on security trends

Not to be left behind, scammers took advantage of the fallout from two major processor vulnerabilities, Meltdown and Spectre, using social engineering scams to exploit the confusion plaguing users.

And with cryptomining seeping into just about every other aspect of cybercrime this quarter, scammers leveraged tried-and-true tech support scam techniques to go after victims’ cryptocurrencies and drain their wallets.

Where do we go from here?

The fact is, it’s impossible to know what new and novel approach cybercriminals will take next, but looking at the trends from the first part of the year, it’s safe to say that cryptomining, ransomware and spyware will be around in one form or another for months, if not years, to come. The important thing is not to let your guard down. Just because one type of attack isn’t making headlines this week doesn’t mean it’s not a threat. Maintaining an up-to-date security strategy that includes prevention, detection and remediation will mitigate the potential damage caused by cybercriminals.

This article includes excerpts and data from the Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2018 Report.


Copyright © 2018 IDG Communications, Inc.
