Cryptominers Surpass Ransomware as Most Widespread Cybercrime Malware

Victoria Schmidt Jul 27, 2018

Cryptominers have surpassed ransomware as the cybercriminal’s tool-of-choice in the first half of 2018. That’s according to the mid-year update to the Vulnerability and Threat Trends Report. The report is compiled by the Skybox Research Lab and includes security analyst research of the vulnerabilities, exploits and threats that are shaping the threat landscape. It explores trends observed from January to June of 2018.

To read the full report, click here.

In the last six months of 2017, ransomware accounted for 32 percent of attacks, while malicious cryptominers accounted for seven percent. By the first half of 2018, the figures had switched almost exactly: malicious cryptominers accounted for 32 percent of attacks while ransomware dropped to eight percent.

  • The Rise of Cryptominers

Cryptomining uses the computational power of compromised assets to create new blocks in the blockchain of cryptocurrencies like Bitcoin and Monero. Malicious or unauthorized cryptomining as a means of cybercrime avoids several of the drawbacks of ransomware, the former darling of cybercriminals:

  • The victim doesn’t need to be notified of the attack in order to pay the ransom, so malicious cryptomining attacks can continue indefinitely in a stealth manner
  • Cryptocurrency can be mined over long-periods of time, rather than the cybercriminal receiving a single lump-sum ransom payment
  • There is no decision of payment on the part of the victim — the malware itself controls how much money will be generated for the attacker
  • Other Trends Tied to Popularity of Cryptominers

Other findings in the report appear to relate to this rise in cryptomining. Internet and mobile vulnerabilities made up nearly a third of all new vulnerabilities published in the first half of 2018. Google Android had by far the most vulnerabilities during that time period, exceeding the tally of the next five most vulnerable vendors combined. Android also logged 200 more vulnerabilities than it did in the second half of 2018. Malicious cryptomining has found an advantage in targeting the app store of the global market leader in mobile devices, Google Play, with billions of potential targets worldwide.

The continued increase in browser-based malware may also in part be linked to the popularity of cryptominers. Web browsers are considered the most prone to malicious attacks, as they constantly interact with websites and applications cybercriminals have infected with malware, including cryptominers. Cryptomining malware could be active as long as the web session is active, and ‘file-less’ cryptominers also can hide from conventional security tools as there’s no download or attachment to analyze.

  • Countering Today’s Threat Landscape

Skybox recommends establishing a threat–centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by incorporating vulnerability and threat intelligence with the context of their assets, network and security controls. This way, remediation is targeted at the greatest areas of risk while leveraging all response options — patching as well as network-based changes.

To learn more about Skybox vulnerability management approach, download our e-book here.

  • About the Vulnerability and Threat Trends Report

The report aims to help organizations align their security strategy with the reality of the current threat landscape. The force behind the report is the Skybox® Research Lab, a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. They validate and enhance data through automated as well as manual analysis, with adding their knowledge of attack trends, cyber events and TTPs of today’s attackers.

Related Posts

Ransomware Packs a Punch but Malicious Cryptomining Spikes: While ransomware threats have given some ground to malicious cryptomining, the attacks still hit hard.

Malicious Cryptomining More Lucrative, Lower Risk Than Ransomware: What is cryptomining? What makes it malicious? And why is it becoming the darling of cybercriminals?

The Cryptomining Malware Family: Cryptomining malware comes in many shapes and sizes, from browser-based software to cryptocurrency wallet stealers and dedicated applications.

Victoria Schmidt is a seasoned content expert with years of experience in content creation for government, SMB and enterprises. Originally from the Washington, DC area, she started her career writing for the U.S. Department of the Treasury and Federal Employees Health Benefits Program. As Skybox’s communication program manager, she leads the global social media and analyst relations program. She holds an MBA and a bachelor’s degree in English.

Recent Posts

Skybox 2021 Vulnerability and Threat Trends Report reveals emerging security challenges and growing need for exposure analysis
Read More
Biden Cybersecurity Executive Order
Read More
CISA Alert – Top routinely exploited vulnerabilities
Read More
3 trends shaping security posture management for 2021
Read More
Skybox Q&A: CRO Rob Rosiello identifies today’s and tomorrow’s top cybersecurity issues as the world reopens
Read More
Post-pandemic cyber threats
Read More