According to a new report by Comodo Cybersecurity, cryptomining surpassed all other malware incidents in the first quarter of 2018, and is the top threat to watch out for in the coming year. The Clifton, New Jersey-based cybersecurity firm was one of the first to present Q1 2018 data, and its threat analysis revealed a very different picture from the previous year.
Ransomware attacks dominated the 2018 Verizon’s Data Breach Investigations Report, released last week. Verizon researchers found that ransomware attacks had doubled over 2017, and were then the leading malware type.
Comodo, however, said that their findings showed that ransomware attacks had declined significantly in volume across the first three months of 2018, and cryptomining had displaced ransomware as the number one threat.
The company noted that ransomware had represented 4 out of 10 of all malware detections in August 2017, but had declined to 1 in 10 in February 2018. They noted that attacks were less successful in part because hackers had not innovated malware code, and companies had become more efficient about implementing anti-ransomware initiatives, such as virtualizing infrastructures. Comodo, however, highlighted the fact that they believe that ransomware “will reemerge as a major threat, possibly as a weapon of data destruction, as demonstrated by NotPetya”.
“Criminals’ proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them,” said Kenneth Geers, chief research scientist at Comodo Cybersecurity.
Comodo said it had identified 28.9 million cryptomining incidents out of 300 million malware incidents collectively. The amount of unique cryptominer variants increased from 93,750 in January to 127,000 in March; while the number of new ransomware variants dropped from 124,320 in January to 71,540 in March, a fall of 42%.
Comodo said that the booming values of cryptocurrencies was fuelling the rise in cryptomining malware, and noted that while ransomware attacks only gave hackers the chance to wrest one time payments out of their targets, cryptominers are “the gift that keeps on giving”.
“Unlike the one and done nature of ransomware — and the semi-custom nature of each target’s variant — cryptominers… persist in infected machines or websites because they are often either unnoticed or tolerated by users, who find a performance impact more acceptable than dealing with the issue,” said Comodo in its report.
Comodo also found that Altcoin Monero had become the top target for cryptominers, displacing Bitcoin. According to the company’s analysts, this was because Monero’s features favour cybercriminal activity, for instance, by hiding transaction parties and amounts, not allowing tracking of payments, and the fact that it is designed for mining on regular computers.