Mining Malware Continues To Dominate Cybersecurity Threats By Seeking Out New Vulnerabilities

pubblicato su by Cointele | pubblicato su

Mining malware may now be painfully familiar to anyone with even a passing awareness of cryptocurrency, but so far businesses and consumers alike are failing to significantly curb its growing threat.

Santa Clara-based Malwarebytes released its Cybercrime tactics and techniques: Q1 2018 report on April 9, finding that businesses had seen a 27 percent increase in mining malware in the first three months of the year compared to the previous three.

While the year-on-year growth in the value of cryptocurrencies would indicate that mining malware is going to continue spreading in parallel, there are some emerging signs that organizations at least are coming to terms with the threat posed by malware.

Perhaps more worrying are the means by which mining malware such as Coinhive and Cryptoloot are gaining footholds in IT systems.

What's interesting about such growth is that, as Malwarebytes notes in the report, "Virtually all other malware is on the decline." For example, it finds that the detection of ransomware among consumers declined by 35 percent between Q4 2017 and Q1 2018, while "The overall volume remains low" for business detections of such malware.

"Most malware mines in a subtle manner, as to not raise any suspicion," he continues, while it's worth noting that malware such as Coinhive often stops using a host's spare processing power if they navigate away from an infected website or close their browser.

Such a correlation paints a bleak picture, since even if mining malware isn't especially damaging when conducted on a smaller scale, it isn't without risks for larger organisations and servers.

In January, February, March and April, the malware impacted 23 percent, 20 percent, 18 percent and 16 percent of organizations respectively, while the impact of cryptojacking malware overall declined from 55 percent in December to 42 percent in February.

The keyword here is "Detections" since it may not be the overall deployment or attempted use of mining malware that's increasing, but rather the ability of organizations to detect such malware when they're targeted by it - the 'recorded' versus 'actual' crime conundrum.

Against these flickers of hope, analysts and cybersecurity researchers would caution that hackers are almost always finding new targets for their malware and new ways of targeting them.

x