Massive increase in cryptocurrency mining malware detections in 2018: Report
The impact of cryptojacking malware is growing at a rapid rate and it is showing no signs of abating. This has been revealed in a report published by the Cyber Threat Alliance (CTA). The report points out to the sharp increase in cryptocurrency mining malware detections.
Combined data from several CTA members shows a 459 percent increase in illicit cryptocurrency mining malware detections since 2017.
The report writes in its preface:
“Because this threat is relatively new, many people do not understand it, its potential significance, or what to do about it.”
According to the report, there seem to be technical links between the ransomware and cryptojacking criminal communities. For example, ETERNAL BLUE was originally used in the WannaCry ransomware exploit. It has been now repurposed for a cryptojacking campaign called WannaMine. In addition, NotPetya’s use of Mimikatz has also been mimicked by recent cryptojacking campaigns. Even the recent Drupal vulnerability has already been weaponized for cryptojacking.
The report goes on to add:
“Combined threat intelligence from CTA members show that this rapid growth shows no signs of slowing down, even with the recent bearish trend in cryptocurrency market.”
Monero is the prime target for malicious actors
Illicit cryptocurrency mining operations have increased dramatically over the past year. Cryptocurrency mining malware grew from impacting 13 percent of all Fortinet customer companies in Q4 of 2017 to 28 percent of customer companies in Q1 of 2018, more than doubling its footprint.
The report further highlights the fact that the clear majority of illicit cryptocurrency malware mines Monero (85 percent), followed by Bitcoin at 8 percent. All other cryptocurrencies make up the remaining 7 percent. Although Monero is significantly less valuable than Bitcoin, it is still the favorite choice for malicious actors. Monero provides these actors the privacy and anonymity which makes it difficult for investigators to track.
Image via Shutterstock
Join our Telegram group