Coin-mining malware multiplies

BY Richard Summerfield

The types of malware utilised by cyber criminals grew by 629 percent in the first quarter of 2018, according to the McAfee Labs Threat Report: June 2018.

‘Cryptojacking’ and other forms of cryptocurrency mining experienced remarkable growth, climbing from around 400,000 total known samples in Q4 2017 to more than 2.9 million in Q1 2018.

“Cybercriminals will gravitate to criminal activity that maximises their profit,” said Steve Grobman, chief technology officer at McAfee. “In recent quarters we have seen a shift to ransomware from data-theft, as ransomware is a more efficient crime. With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts."

Furthermore, on average, McAfee detected five new malware samples per second, down from eight per second recorded in Q4 2017.

 “There were new revelations this quarter concerning complex nation-state cyber-attack campaigns targeting users and enterprise systems worldwide,” said Raj Samani, chief scientist at McAfee. “Bad actors demonstrated a remarkable level of technical agility and innovation in tools and tactics. Criminals continued to adopt cryptocurrency mining to easily monetise their criminal activity.”

McAfee recorded 313 publicly disclosed security incidents in Q1 2018, a 41 percent increase over Q4 2017. One of the most frequently targeted industries was healthcare, which saw a 47 percent increase in recorded incidents. Cyber criminals targeted the sector with the SAMSA ransomware.

Education and finance also recorded increases of 40 percent and 39 percent respectively. Ransomware was frequently deployed against schools. In total, there were 313 publically disclosed security incidents in Q1, a 41 percent increase on the previous quarter.

According to McAfee, cryptocurrency mining campaigns may overtake the use of ransomware in the future, as it is as simpler and less risky form of cyber crime. Sophisticated Bitcoin-stealing phishing campaigns, such as ‘HaoBao’, which was launched by the Lazarus cyber crime ring, may become more commonplace, targeting global financial organisations and Bitcoin users.

Mobile malware has seen significant growth of late. Total known malware samples grew 42 percent over the last four quarters. Malware has also grown; the total number of malware samples grew 37 percent over the past four quarters to more than 734 million samples.

In January, McAfee reported an attack targeting organisations involved in the Winter Olympics in South Korea. The attack was executed using a malicious Word attachment containing a hidden PowerShell implant script. The script was embedded within an image file and executed from a remote server. The attack, dubbed ‘Gold Dragon’, involved a fileless implant which encrypted stolen data and sent the data to the attackers’ command and control servers. The implant then performed reconnaissance functions, monitoring the use of anti-malware solutions in order to evade them.

Report: McAfee Labs Threat Report: June 2018

©2001-2018 Financier Worldwide Ltd. All rights reserved.