Get ready to hear a lot more of the word 'cryptojacking' as we go through 2018.
According to Symantec's Internet Security Threat Report (ISTR), Volume 23, cyber criminals are rapidly adding cryptojacking to their arsenals to create a highly profitable new revenue stream.
“Cryptojacking is a rising threat to cyber and personal security,” said Mike Fey, president and COO, Symantec. “The massive profit incentive puts people, devices and organisations at risk of unauthorised coinminers siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centres.”
Symantec's ISTR provides a comprehensive view of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers. The report analyses data from the Symantec Global Intelligence Network, the largest civilian threat collection network in the world which tracks over 700,000 global adversaries, records events from 98 million attack sensors worldwide and monitors threat activities in over 157 countries and territories.
During the past year, a much-documented rise in cryptocurrency values triggered a cryptojacking gold rush with cyber criminals attempting to cash in on a volatile market. Detections of coinminers on endpoint computers increased by 8,500 per cent in 2017. The UK ranked as the fifth highest country worldwide, with a staggering 44,000 per cent increase in coinminer detections.
Coinminers can slow devices, overheat batteries, and in some cases, render devices unusable. For enterprise organisations, coinminers can put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.
Symantec found a 600 per cent increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse. Macs are not immune either with Symantec detecting an 80 per cent increase in coinmining attacks against Mac OS. By leveraging browser-based attacks, criminals do not need to download malware to a victim’s Mac or PC to carry out cyber attacks.
In 2016, the profitability of ransomware led to a crowded market. In 2017, the market made a correction, lowering the average ransom cost to $522 (less than £374) and signalling that ransomware has become a commodity. Many cyber criminals may have shifted their focus to coinmining as an alternative to cashing in while cryptocurrency values are high. Additionally, while the number of ransomware families decreased, the number of ransomware variants increased by 46 per cent, indicating that criminal groups are innovating less but are still very productive.
As older operating systems continue to be in use, this problem is exacerbated. For example, with the Android operating system, only 20 per cent of devices are running the newest version and only 2.3 per cent are on the latest minor release.
The number of groups executing targeted attack is on the rise. In 2017 Symantec tracked 140 criminal groups using these kinds of attacks. Last year, 71 per cent of all targeted attacks started with spear phishing – the oldest trick in the book – to infect their victims. As targeted attack groups continue to leverage tried and tested tactics to infiltrate organisations, the use of zero-day threats is falling out of favour. Only 27 per cent of targeted attack groups have been known to use zero-day vulnerabilities at any point in the past.
The security industry has long discussed what type of destruction might be possible with cyber attacks. This conversation has now moved beyond theory, with more than 10 per cent of all attacks designed to disrupt.