Cryptomining Malware Soars 956% in a Year

Crypto-mining malware detections jumped 96% in the first half of 2018 versus the whole of last year as cyber-criminals increasingly looked to more covert ways of making money, according to Trend Micro.

The security vendor claimed in its latest Midyear Security Roundup that it blocked over 20 billion threats in the first six months of this year.

However, fewer of these are standard “spray and pay” ransomware attacks and breaches, it claimed. In fact, 1H 2018 is the first time since the advent of ransomware in 2005 that there has been a decrease in new families discovered.

Instead, attackers are looking to crypto-jacking along with fileless, macro and small file malware techniques to fly under the radar.

There was a 956% increase in cryptocurrency malware detections versus 1H 2017, and a 250% increase in detections of small file malware, TinyPOS, compared to 2H 2017.

The findings chime with other research into the threat landscape. Check Point, for example, warned last month that the number of global organizations affected by cryptojacking rose from just under 21% in the second half of 2017 to 42% in 1H 2018, with cyber-criminals making an estimated $2.5bn over the past six months.

“The recent change in the threat landscape mirrors what we’ve seen for years — cyber-criminals will constantly shift their tools, tactics and procedures (TTPs) to improve their infection rates,” said Bharat Mistry, principal security strategist for Trend Micro.

“This means once again, business leaders must evaluate their defenses to ensure sufficient protection is in place to stop the latest and most pressing threats.”

On the plus side, data breach reporting remained pretty consistent during the period despite the advent of the GDPR, but the number of SCADA vulnerabilities reported by Trend Micro’s Zero Day Initiative doubled from 1H 2017.

The firm warned operators of Human Machine Interface (HMI) systems to be on the lookout for bugs as threat actors ramp up attacks from mere reconnaissance and testing to destructive raids.

In total, the ZDI published over 600 advisories in the first six months of 2018.
