BY Richard Summerfield
2017 saw the emergence of cryptojacking as the latest cyber security challenge to be overcome, according to Symantec’s 2018 Internet Security Threat Report.
The report analyses data from the Symantec Global Intelligence Network, the largest civilian threat collection network in the world, which tracks over 700,000 global adversaries, records events from 126.5 million attack sensors worldwide, and monitors threat activities in over 157 countries and territories.
Cryptojacking, where computers are unknowingly co-opted for the use of mining cryptocurrencies, increased 8500 percent in 2017, with 1.7 million attacks registered in December alone.
Cyber criminals are increasingly turning to cryptojacking due to its low barriers to entry; indeed, only a few lines of code are required to infiltrate a machine. Cryptojackers are able to use coinminers to steal a device’s processing power and cloud CPU usage in order to mine cryptocurrency. Once a device has been hijacked, it will slow down, overheat and in some cases, be rendered unusable.
On an organisational level there are additional issues caused by cryptojacking. According to the report, “Corporate networks are at risk of shutdown from coinminers aggressively propagated across their environment. There may also be financial implications for organisations who find themselves billed for cloud CPU usage by coinminers.”
“Cryptojacking is a rising threat to cyber and personal security,” said Mike Fey, president and chief operating officer of Symantec. “The massive profit incentive puts people, devices and organisations at risk of unauthorised coinminers siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centres.”
“Now you could be fighting for resources on your phone, computer or IoT device as attackers use them for profit,” said Kevin Haley, director of Symantec Security Response. “People need to expand their defences or they will pay for the price for someone else using their device.”
Software supply chain attacks also boomed in 2017. An increasing number of attackers are injecting malware into supply chains. Last year saw a 200 percent increase in such attacks – the equivalent of one attack every month, up from the four attacks a year recorded previously.
Mobile malware is also continuing to grow. The number of new mobile malware variants increased by 54 percent last year. ‘Grayware’ applications are also affected mobile users, though grayware is not entirely malicious, it can be problematic and it is becoming increasingly common. Grayware use increased by 20 percent in 2017.