Cryptojacking on the rise, says Symantec

Posted on Apr 16 2018 - 9:44am by Reynaldo Vicente

Cyber criminals who have been employing ransomware to make money are now shifting their interest to cryptojacking, or cryptocurrency mining, as an alternative revenue source because of rising cryptocurrency values. As a result, detections of coinminer activities on endpoint computers ballooned to 1.7 million at end-2017, a significant increase of 8,500% from 20,000 in January 2017, according to Symantec’s Internet Security Threat Report Volume 23.

Attackers are using coinminers to steal computer processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. When infected, devices slow down and consume more energy, putting organizations’ networks at risk of shutdown and increasing cloud CPU usage. In terms of cryptomining activities, the Philippines ranks 11th in the Asia-Pacific and Japan region and 35th globally.

“Cryptojacking is a rising threat to cyber and personal security,” said David Rajoo, director of Systems Engineering, Malaysia, Indonesia and the Philippines at Symantec. “The massive profit incentive puts people, devices and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”

The main motivation for criminals to favor cryptocurrency for their attacks is the fact that they can make money more easily. Rajoo explained that through cryptojacking, you don’t need to directly infect the users or hold them for ransom. You try to infect a particular website, inject the script, wait for users to come to the site, and make money from them by having the coin mining script running.

Another reason why cyber criminals are moving away from ransomware is because it is getting too competitive in the ransomware space. “All hackers are going after the same set of users trying to infect them. It becomes too crowded, too competitive and the pricing they are asking for is too high for them to make money. I think they are moving away to look at methods of making money, which is cryptocurrency,” said Rajoo.

Although cryptojacking is now becoming popular, Rajoo said it won’t completely replace ransomware. “Both will still continue to run. Ransomware has stifled off a price point where users are willing to pay and that is still money. Cryptojacking is the new thing now. It’s easier to infect users. You don’t need any sophisticated programming skills to infect them,” said Rajoo.

Rajoo, however, notes that there are some instances where cryptomining activities are not malicious but can be troublesome. “Although not malicious, they can be dangerous because at any point in time, they can change the code and make the malware become malicious.”

The Symantec ISTR also revealed that while the interest of attackers in cryptocurrencies is growing, ransomware families have become fewer and ransom demands lower. The average ransom demand declined to $522 last year, while ransom variants rose 46%, indicating criminal groups are still quite productive but are innovating less. In 2017, the Philippines ranked 20th in terms of ransomware threats globally.

Mobile malware, on the other hand, continued to rise in 2017, with new mobile variants growing 54%, from 17,000 in 2016 to 27,000 last year, and an average of 24,000 malicious mobile applications blocked each day. This problem was aggravated by the continued use of older operating systems like the Android operating system, where only 20% of devices are running the newest version.

Symantec claims there was an increase in hackers injecting malware implants into the supply chain in 2017, with a 200% hike in these attacks. This is equivalent to one attack every month in 2017 as compared with four attacks the previous year. In these attacks, hackers establish an entry point for compromising networks, then use a variety of methods to spread across corporate networks and deploy their malicious payload.

In terms of infection vector, spear phishing is the most popular, employed by 71% of 140 targeted attack groups in 2017, while the use of zero-day vulnerabilities continues to drop.

As the 2018 Symantec threat report warns of a rise in cyber attacks in the Philippines, where consequences can be severe, the security firm offers best practices to protect businesses and consumers against threats.

For businesses, the following were recommended: use advanced threat intelligence solutions to help find indicators of compromise and respond faster to incidents; ensure the security framework is optimized, measurable and repeatable; implement a multi-layered defense; provide training about malicious email; and monitor resources and networks for abnormal and suspicious behavior.

Consumers, on the other hand, are advised to change default passwords on their devices and services to strong and unique ones; keep operating systems and software up to date; be extra careful with emails; and back up files.

About the Author

REYNALDO “Rey” R. VICENTE’s career experience involves mostly research in publishing companies. He previously held the position of Research and Events Director of Media G8way Corp., publisher of Computerworld Philippines (CWP), PC World Philippines, and IT Resource. He also handled events organized for CWP. Prior to this, he was a Research Head of a business publication. Now as co-publisher of Upgrade Magazine, Rey also serves as Managing Editor. Rey finished his bachelor’s degree majoring in Economics at the University of Santo Tomas.
