Over the past two years, ransomware has been favored by cybercriminals as it offered an easy way to make money. Campaigns could easily be conducted via spam email, and for many individuals, it was not even necessary to create the malware from scratch. Ransomware-as-a-service allowed campaigns to be conducted for a 60% cut of the profits generated with no programming experience required.
While some threat actors are still using ransomware in spray-and-pray campaigns or more targeted attacks, there has been a noticeable shift toward the use of cryptocurrency mining malware. Cryptocurrency mining malware is used in place of ransomware as it is more profitable. The number of new ransomware families detected was 26% lower in the first half of 2018 than in the second half of 2017.
The popularity of cryptocurrency mining malware, or cryptojacking attacks as they are also known, has been confirmed by Trend Micro in its Midyear Security Roundup report. Cryptocurrency mining activity detections almost doubled in the first half of 2018 compared to the second half of 2017, rising by 96%. Cryptocurrency mining detections in the first half of 2018 were 956% higher than in the first half of 2017. In addition, 47 new families of cryptocurrency mining malware were detected in the first half of 2018.
The report charts the changing tactics used by cybercriminals to introduce the malware or drive traffic to websites that have cryptocurrency mining code installed. Those tactics include malvertising campaigns, ad injections into websites by the Droidclub botnet, adware downloaders, the use of web miner scripts in the AOL ad platform, exploitation of vulnerabilities such as CVE-2017-10271, and downloads via exploit kits.
A ransomware infection can prove incredibly costly for businesses in terms of network downtime and disruption to business processes while systems are rebuilt and data are recovered from backups. The costs associated with cryptojacking are often lower by comparison, but the attacks are still costly. Networks are slowed, which has an effect on productivity; energy costs increase; and hardware can be worn down or, in some cases, permanently damaged.
Cybercriminals are constantly changing tactics and are looking for the easiest way to make money. As the value of cryptocurrencies has increased and companies have improved their protections against ransomware, tactics have changed accordingly. Trend Micro notes in the report that business leaders must keep abreast of changing tactics and ensure they have sufficient protections in place to defend against new attack methods.
The cybersecurity firm has also issued a warning to critical infrastructure companies. The number of SCADA vulnerabilities detected by Trend Micro has doubled in the space of a year, with most of those vulnerabilities in human-machine interface (HMI) software. Further, cybercriminals have moved from reconnaissance to actively exploiting those vulnerabilities.