Cryptojacking exploded last year, according to Symantec’s latest annual security threat landscape report. The report, now in its 13th year, found detections of cryptocurrency coin miners grew by a whopping 8,500 percent in 2017.
“Cryptojacking just came out of nowhere,” said Kevin Haley, director of Symantec security response, adding that he doesn’t expect it to drop in popularity in 2018. “I think what we’re going to learn in the year to come [is] when people see the opportunity to take money, they’re going to come up with some really wild ways to do that.”
Meanwhile, ransomware is falling out of fashion. In 2016, the profitability of these attacks led to a crowded market. The market corrected itself last year and lowered the average ransom cost to $522. This, in part, led to the uptick in coin mining as an alternative to ransomware due to the current high values in cryptocurrency.
The annual report analyzes data from the Symantec Global Intelligence Network, which the company claims is the largest civilian threat collection network in the world. It tracks more than 700,000 global adversaries, records events from 126.5 million attack sensors worldwide, and monitors threat activities in 157-plus countries and territories.
The skyrocketing cryptojacking attacks in 2017 followed the same trajectory as cryptocurrency values. Hackers see it as a cheap and easy way to make money, Haley said. It only requires a couple of lines of code to operate in addition to stolen processing power and cloud CPU usage.
“You’ve got a lot of opportunities and people saying ‘why don’t I just use somebody else’s power and infrastructure,’ and all the sudden this takes off,” he said.
Coin mining can have serious — and expensive — business implications. It can slow down devices as attackers gobble up resources on corporate computers, phones, and Internet of Things (IoT) devices. This can result in companies buying new devices to replace the “slow” ones, and it can also put networks at risk. Plus, coin mining inflates energy and cloud CPU usage, adding cost.
“It’s easy to see this as a nuisance, but it can have more serious ramifications as attackers start taking over your computer,” Haley said. “What we’ll also inevitably see [is] if I get on your computer, I’ll probably do a couple things. I’ll drop the bitcoin mine on there, and I’ll probably also try to steal your data. Why not double dip?”
So how can companies fight back?
“Talk to your security vendor and ask are you able to detect these things?” Haley said. “Also build awareness. If you’re seeing a lot of CPU usage in your costs, this may be the reason.”
Supply Chain Attacks
Software update supply chain attacks also spiked in 2017. In these attacks — Petya/NotPetya for example — a hacker injects malware implants into the software supply chain so that the software update provides an entry point for compromising networks. Symantec identified a 200 percent increase in software supply chain attacks in 2017.
“What we’re seeing here is at least one supply chain attack every month in 2017,” Haley said. “You’ve got to start taking this seriously and that means talking to your software vendors. [Ask them] are you digitally signing your fields so we can tell if updates [have] been digitally modified before we download them, and how are you protecting us so bad guys aren’t slipping malware into your software? This is a weak spot that needs to be shored up.”
Oldie But Goodie
Another big trend for 2017 is old news: spear phishing. Last year, 71 percent of all targeted attacks started with spear phishing. “It’s simple and easy for the bad guys,” Haley said. “That’s why they do it and it works. Most organizations do phishing training with their users. Keep it up.”
Here are some other interesting tidbits from the report:
- Symantec found a 600 percent increase in overall IoT attacks in 2017.
- Apple’s Macs are not immune; the company detected an 80 percent increase in coin mining attacks against Apple’s Mac operating systems.
- The number of new mobile malware variants increased by 54 percent.
- Zero-day threats are losing their appeal, with only 27 percent of the 140 known organized attack groups using zero-day vulnerabilities.