Cryptojacking attacks spiked in first half of 2018

Cryptojacking attacks, fileless malware, and malware with small file sizes all increased in the first half of 2018 as cyber thugs tried to use more covert tactics.


Cryptojacking attacks have skyrocketed, making cryptojacking the threat with the biggest security impact in the first half of 2018. So far this year, there has been a 141 percent increase in cryptocurrency mining detections compared to the previous half year, and 47 new cryptocurrency miner malware families have been detected.

The good news, according to Trend Micro’s 2018 midyear security roundup report (pdf), is that cyber thugs are relying less on ransomware — ransomware attacks are up only 3 percent from the second half of 2017.

“This indicates cyber criminals are shifting away from the quick payout of ransomware in favor of the slower, behind-the-scenes approach of stealing computing power to mine digital currency,” Trend Micro explained.

Unusual malware types detected

Another shift in the threat landscape so far in 2018 involves unusual malware types. Attackers are fine-tuning malware campaigns to avoid detection, and they are increasingly turning to fileless malware, macros, and malware with small file sizes.

Trend Micro said it recorded a 250 percent increase in detections of the small file malware TinyPOS when compared to the second half of 2017, a 6 percent increase in malicious macros, and a 68 percent increase in Powload from January to June 2018.

“Standard spray and pray ransomware attacks and data breaches had become the norm, so attackers changed their tactics to be more covert, using entry vectors not previously seen or used extensively,” added Jon Clay, director of global threat communications for Trend Micro. “This means once again, business leaders must evaluate their defenses to ensure sufficient protection is in place to stop the latest and most pressing threats.”

Data breaches increase

Regarding data breaches, there were 259 reported in the first half of 2018; there had been 224 reported data breaches in the first half of 2017. Seventy-one percent of the 2018 breaches were in the healthcare industry.

Of those 259 data breaches in the first six months of 2018, Trend Micro said 15 were “mega breaches” that involved more than 1 million exposed data records – that’s six more mega breaches than in the previous half year despite GDPR enforcement kicking in on May 25, 2018.

Security researchers have found 30 percent more SCADA-related vulnerabilities so far in 2018, and Trend Micro’s Zero Day Initiative (ZDI) published more than 600 advisories in the first six months of 2018.

“Based on this increase in advisories, the ZDI is able to predict what types of vulnerabilities will likely be used next in real-world attacks. Among the advisories this year, the ZDI purchased and disclosed twice as many SCADA vulnerabilities compared to the same time last year. IT security managers running these environments must stay alert to this growing threat, especially as actors begin to perform destructive attacks rather than mere reconnaissance and testing,” it said.

Trend Micro has a page where it is easy to review the threat landscape numbers from the first half of 2018, or you can download and deep-dive into the 40-page report, which also covers vulnerabilities in hardware such as Meltdown and Spectre, router security, and incidents of business email compromise (BEC).
