The number of cryptomining attacks increased by more than 83 percent in the past year, with more than 5 million people attacked with the malware in the first three quarters of 2018. That’s compared to 2.7 million people over the same period in 2017, according to stats from Kaspersky Lab.
The firm’s research also found that cryptomining attacks increased steadily during the first half of the year, peaking in March, when around 1.2 million users faced an attack. Kaspersky Lab researchers found that drivers behind this ramp aren’t necessarily the most obvious: The analysis revealed that neither cryptocurrency legislation nor the falling cost of power has a significant impact on the spread of malicious cryptominers.
Read more about the findings of the new research on Threatpost.
Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional over time.
The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn’t have a distinctive name yet and is tracked only under its generic detection name, Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes.
Read more about the sophisticated new Linux malware on ZDNet.
Hackers have been stealing CPU cycles from visitors to the Make-A-Wish Foundation’s international website in order to mine for Monero cryptocurrency. Researchers said they found the CoinIMP mining script embedded in the non-profit’s website, and that it was taking advantage of the Drupalgeddon 2 vulnerability.
Trustwave researchers discovered the cryptominer on Make-A-Wish International’s website and said it had been active since May. Make-A-Wish International is the global arm of the US-based Make-A-Wish Foundation.
Read more about the cryptojacking attack on Threatpost.
If exploits and malware were stocks and bonds, the third quarter of 2018 would have been a bull market. That’s the broad takeaway from Fortinet’s Q3 2018 “Global Threat Landscape Report,” which found malware, exploits, and threats all on the increase. From July through September, unique malware variants grew 43%, while the number of malware families grew by nearly 32%.
Despite those numbers, Anthony Giandomenico, senior security strategist/researcher at FortiGuard Labs, says cryptojacking is one of the more serious threats he’s seeing. Giandomenico realizes that many researchers view cryptojacking as more of an annoyance, but he sees two problems with that view.
Read more about the findings of the Fortinet report on DarkReading.
The latest Check Point Global Threat Index reveals that while cryptomining malware continues to dominate the rankings, a remote access trojan has reached the top ten list for the first time. During the month of October, Check Point researchers discovered a widespread malware campaign spreading a remote access trojan (dubbed “FlawedAmmyy”) that allows attackers to take over victims’ computers and data.
Meanwhile, cryptomining malware continues to lead the Index, with Coinhive the most prevalent malware with a global impact of 18%, while Cryptoloot has risen to second on the list impacting 8% of organizations worldwide.
McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims’ computing power to mine for cryptocurrencies. WebCobra silently drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the architecture WebCobra finds. This cryptocurrency mining malware is uncommon in that it drops a different miner depending on the configuration of the machine it infects.
The researchers believe this threat arrives via rogue PUP installers. They have observed it across the globe, with the highest number of infections in Brazil, South Africa, and the United States.
Read more about the WebCobra cryptojacking malware on McAfee.
As the popularity of cryptocurrency rises, so does the number of cryptominer trojans that are being created and distributed to unsuspecting victims. One problem for cryptominers, though, is that the offending process is easily detectable due to its heavy CPU utilization. To make it harder to spot a cryptominer process that is utilizing all of the CPU, a newly discovered Linux variant attempts to hide its presence by utilizing a rootkit.
According to a new report by Trend Micro, this new cryptominer+rootkit combo will still cause performance issues due to the high CPU utilization, but administrators will not be able to detect what process is causing it.
Late last week, St. Francis Xavier University in Canada was the victim of a cryptojacking attack. A hacker (or hackers) targeted the university’s computer system to mine for the world’s number one cryptocurrency. The attack forced the university to shut down their network completely to safeguard personal data for students and staff.
Needless to say, quite a few services were impacted by this. Online courses, email, debit card transactions, Wi-Fi, and drives on the St. F.X. network were all completely offline. Since then, services have been gradually restored. St. Francis Xavier University notes that all passwords have been reset due to security concerns.
North Korea is hacking computers to mine cryptocurrency to bring extra cash into the country, according to South Korea’s intelligence service. North Korean hackers also continue to hack computers in South Korea and abroad to steal confidential information, the state intelligence agency said in a parliamentary audit, Yonhap News reported.
A U.S. cybersecurity firm revealed in January that it had found computers infected with malware, suspected to have been implanted by North Korean hackers, that mines the cryptocurrency Monero and sends it to Kim Il Sung University in Pyongyang, according to Chosun Ilbo. Cryptocurrency has emerged as an alternative source of money for the cash-strapped North Korean regime amid tightening international sanctions.
Read more about the North Korean cryptojacking campaigns on UPI.
NSFOCUS released its H1 Cybersecurity Insights report, which analyzed traffic from January 1, 2018 to June 30, 2018. Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all crypto mining activities detected by NSFOCUS.
Among more than 27 million attack sources detected in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources. China, the USA, and Russia are home to the most “recidivists.”