Cryptominers surged to the top of detected malware incidents, displacing ransomware as the No. 1 threat.
Comodo Cybersecurity Threat Research Labs’ first-quarter global malware report shows that the world is already a very different place from 2017. During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10% share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42% decrease.
The surge in cryptominers started in 2017, after the price of Bitcoin skyrocketed to $20,000. Cryptominer attacks then leaped in 2018 as cryptocurrencies’ market capitalization topped $264 billion.
Also, Monero has become the leading target for cryptomining malware, replacing Bitcoin. Its features favor cybercriminals: It hides transaction parties and amounts; cannot be tracked, blacklisted or linked to previous transactions; creates blocks every two minutes, providing more frequent opportunities for attack; and is designed for mining on ordinary computers.
“Malware, like cyberspace itself, is merely a reflection of traditional, real-world human affairs, and malware is always written for a purpose, whether it’s crime, espionage, terrorism or war,” said Kenneth Geers, chief research scientist at Comodo Cybersecurity. “Criminals’ proclivities to steal money more efficiently were evident with the surge in cryptomining.”
Meanwhile, the report found that password stealers have become more sophisticated and dangerous. Comodo Cybersecurity observed cybercriminals increasingly developing and updating malware with the goal of stealing users’ credentials. Pony Stealer, for instance, now demonstrates new capabilities both in stealing data and in covering its tracks.
The firm also said to expect a ransomware resurgence, despite a radical decrease in the number of overall detections. Ransomware's overall share of incidents dropped from 42% in August 2017 to just 9% in February 2018, but researchers said that it could morph into a weapon of data destruction – as seen with NotPetya – rather than a tool to extort a ransom.
Also, hot zones can be identified by malware type. Countries that have the most acute challenges associated with Trojans, viruses and worms include Brazil, Egypt, India, Indonesia, Iran, Mexico, Nigeria, Philippines, Russia and South Africa. Meanwhile, countries in a higher socioeconomic category (which can afford more professional cyber-defenses) are often plagued by a higher ratio of application malware.