Even though the value of cryptocurrency has been decreasing, there was a significant increase in cryptocurrency mining in the first half of 2018, according to Trend Micro’s “Unseen Threats, Imminent Losses” report.
The amount of cryptocurrency mining activity detected in the first half of 2018 was more than double that of the second half of 2017. In the first half of 2017 there were about 75,000 mining detections, increasing to about 326,000 in the second half of that year.
Trend Micro also discovered a large number of new cryptocurrency mining malware types, which indicates that cybercriminals are still interested in profiting from digital currencies.
Mining virtual coins is fairly simple, but the real challenge is obtaining enough computing resources while remaining profitable. Miners have to keep electricity costs below the price of the coins mined and keep expensive graphics cards from being damaged by mining 24/7.
“It should come as no surprise that this interest would bleed into the cybercriminal realm. Cybercriminals would have predictably realized that they could outsource mining activities to unsuspecting users’ computers,” the report explained.
In the first half of 2018, attackers used a variety of vectors to install miners, such as server exploits, a PHP vulnerability, malvertisements, other forms of malware, and a potential financial scam site. According to Trend Micro, this is consistent with the trend seen in 2017 where cybercriminals explored all possible avenues to see what method would offer the most gains.
In addition, Trend Micro found that the interest in cryptocurrency is so high that some hackers are directly hacking into large cryptocurrency exchanges. For example, hackers took $500 million of NEM coins in January by breaking into an exchange, while hackers in India stole $3.3 million worth of bitcoins from an exchange in April.
Another pain point for IT teams was that the year started off with the discovery of Spectre and Meltdown in processors previously believed to be secure. According to the report, the impact of the Meltdown and Spectre attacks was worsened by the large number of devices that were affected as well as the level of access granted to attackers.
Hardware vulnerabilities present a unique problem for IT admins: microprocessors from multiple vendors were affected, so applying patches to the different devices is difficult. Additionally, the patches could potentially impact the performance of older devices.
“The discovery of the flaws means that the entire computing ecosystem has been vulnerable for a long time. Additionally, the design flaws are so basic and integral to the function of modern computers that it is likely that similar types of vulnerabilities exist alongside them,” the report stated.
Other findings of the report include an increase in supervisory control and data acquisition (SCADA) vulnerability advisories, a rise in breaches despite regulations such as the GDPR taking effect, and weak router security despite the Mirai alert.
In addition, malware developers continued to fine-tune their evasion methods to combat improving detection techniques. The approaches that stood out to Trend Micro include fileless threats, the use of macros, and the manipulation of file sizes.