Cyber criminals are rapidly adding cryptojacking to their arsenal and
creating a highly profitable new revenue stream, as the ransomware
market becomes overpriced and overcrowded, according to Symantec's
(Nasdaq: SYMC) Internet
Security Threat Report (ISTR), Volume 23, released today.

"Cryptojacking is a rising threat to cyber and personal security," said
Mike Fey, president and COO, Symantec. "The massive profit incentive
puts people, devices and organizations at risk of unauthorized
coinminers siphoning resources from their systems, further motivating
criminals to infiltrate everything from home PCs to giant data centers."

Symantec's ISTR provides a comprehensive view of the threat landscape,
including insights into global threat activity, cyber criminal trends
and motivations for attackers. The report analyzes data from the
Symantec Global Intelligence Network™, the largest civilian threat
collection network in the world, which tracks over 700,000 global
adversaries, records events from 126.5 million attack sensors worldwide,
and monitors threat activities in over 157 countries and territories.

Key highlights include:

Cryptojacking Attacks Explode by 8,500 Percent

During the past year, an astronomical rise in cryptocurrency values
triggered a cryptojacking gold rush with cyber criminals attempting to
cash in on a volatile market. Detections of coinminers on endpoint
computers increased by 8,500 percent in 2017.

With a low barrier to entry – only requiring a couple of lines of code to
operate – cyber criminals are harnessing stolen processing power and
cloud CPU usage from consumers and enterprises to mine cryptocurrency.
Coinminers can slow devices, overheat batteries, and in some cases,
render devices unusable. For enterprise organizations, coinminers can
put corporate networks at risk of shutdown and inflate cloud CPU usage,
adding cost.

"Now you could be fighting for resources on your phone, computer or IoT
device as attackers use them for profit," said Kevin Haley, director,
Symantec Security Response. "People need to expand their defenses or
they will pay the price for someone else using their device."

IoT devices continue to be ripe targets for exploitation. Symantec found
a 600 percent increase in overall IoT attacks in 2017, which means that
cyber criminals could exploit the connected nature of these devices to
mine en masse. Macs are not immune either, with Symantec detecting
an 80 percent increase in coin mining attacks against Mac OS. By
leveraging browser-based attacks, criminals do not need to download
malware to a victim’s Mac or PC to carry out cyber attacks.

Majority of Targeted Attackers Use Single Method to Infect Victims

The number of targeted attack groups is on the rise with Symantec now
tracking 140 organized groups. Last year, 71 percent of all targeted
attacks started with spear phishing – the oldest trick in the book – to
infect their victims. As targeted attack groups continue to leverage
tried and true tactics to infiltrate organizations, the use of zero-day
threats is falling out of favor. Only 27 percent of targeted attack
groups have been known to use zero-day vulnerabilities at any point in
the past.

The security industry has long discussed what type of destruction might
be possible with cyber attacks. This conversation has now moved beyond
the theoretical, with one in ten targeted attack groups using malware
designed to disrupt.

Implanted Malware Grows by 200 Percent, Compromising Software Supply Chain

Symantec identified a 200 percent increase in attackers injecting
malware implants into the software supply chain in 2017. That’s
equivalent to one attack every month as compared to four attacks the
previous year. Hijacking software updates provides attackers with an
entry point for compromising well-guarded networks. The Petya outbreak
was the most notable example of a supply chain attack. After using
Ukrainian accounting software as the point of entry, Petya used a
variety of methods to spread laterally across corporate networks to
deploy its malicious payload.

Mobile Malware Continues to Surge

Threats in the mobile space continue to grow year-over-year, including
the number of new mobile malware variants, which increased by 54 percent.
Symantec blocked an average of 24,000 malicious mobile applications each
day last year. As older operating systems continue to be in use, this
problem is exacerbated. For example, with the Android operating system,
only 20 percent of devices are running the newest version and only 2.3
percent are on the latest minor release.

Mobile users also face privacy risks from grayware apps that aren’t
completely malicious but can be troublesome. Symantec found that 63
percent of grayware apps leak the device’s phone number. With grayware
increasing by 20 percent in 2017, this isn’t a problem that’s going away.

Business-Savvy Cyber Criminals Price Ransomware for Profit

In 2016, the profitability of ransomware led to a crowded market. In
2017, the market made a correction, lowering the average ransom cost to
$522 and signaling that ransomware has become a commodity. Many cyber
criminals may have shifted their focus to coin mining as an alternative
to cashing in while cryptocurrency values are high. Additionally, while
the number of ransomware families decreased, the number of ransomware
variants increased by 46 percent, indicating that criminal groups are
innovating less but are still very productive.
