Cryptominer Malware Threats Overtake Ransomware, Report Warns

SAN FRANCISCO – Cryptomining malware is the top threat to watch out for this year, according to a new report – with attacks jumping higher than ransomware instances in the first quarter of 2018.

A new report by Comodo Cybersecurity, released Tuesday at RSA Conference 2018, found that cryptominers have surged to the top of detected malware incidents in the first quarter of 2018. Ransomware attacks, which recently dominated Verizon’s Data Breach Investigations Report for 2017, declined significantly in volume over the past three months in 2018, researchers found.

“Criminals’ proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them,” said Kenneth Geers, chief research scientist at Comodo Cybersecurity.

During the first quarter of 2018, Comodo said it detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents.  The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March.

Meanwhile, the amount of new ransomware variants fell from 124,320 in January to 71,540 in March, decreasing by 42 percent.

Comodo said that the higher value of cryptocurrencies has bolstered the amount of money that hackers can rake in. Also, while hackers were able to cash in on one time payments through ransomware attacks, cryptominers “are the gift that keeps on giving.”

“Unlike the one and done nature of ransomware — and the semi-custom nature of each target’s variant — cryptominers… persist in infected machines or websites because they are often either unnoticed or tolerated by users, who find a performance impact more acceptable than dealing with the issue,” said Comodo in its report.

Researchers first saw a massive surge in malicious cryptomining in 2017 after Bitcoin’s valuation skyrocketed to $20,000. While cryptomining  itself is not illegal, and is part of the blockchain process, the illegal activity is when people steal other people’s computer resources to conduct mining on their behalf.

For instance, in February researchers said they found cryptojacking code hidden on the Los Angeles Times’ interactive Homicide Report webpage that was quietly harnessing visitors’ CPUs to mine Monero cryptocurrency.

“Cryptominer attacks then leaped in 2018 as cryptocurrencies’ market capitalization topped $264 billion, shifting the attention of cybercriminals from ransomware,” according to Comodo.

While the popularity of cryptojacking may not be a shock to the security industry, malicious cryptominers are increasingly using new sophisticated techniques.

A March report by Kaspersky Lab for instance highlighted how one cryptomining gang tracked over six months raked in $7 million with the help of 10,000 computers infected with mining malware.

And cryptomining is continuing to shift – according to Comodo’s report, Altcoin Monero became the leading target for cryptominers’ malware, replacing Bitcoin. Comodo said Monero’s features were appealing to cybercriminals – the cryptocurrency hides transaction parties and amounts, cannot be tracked or linked to previous transactions, and is designed for mining on ordinary computers.

While cryptomining will continue to be prevalent in 2018, Comodo warns ransomware attacks will likely make a resurgence.

“The pattern we’ve seen is that ransomware will start to decline when the malware code is not changing and companies’ cyber defenses are getting better at blocking it,” Fatih Orhan, VP of Comodo Cybersecurity Threat Research Labs, told Threatpost.

“We do believe there will be a resurgence in ransomware. The timing is of course uncertain but we do think we will see  it come back sometime this year…it could take the form of data destruction, instead of ransom, depending on the motivations of the criminals,” he said.