The start of 2018 has seen a massive rise in cryptocurrency mining and cryptojacking attacks, along with steady numbers of familiar malware and ransomware attacks, according to a Wednesday report from McAfee. On average, five new threat samples arose every second of Q1 2018, with several notable campaigns demonstrating just how sophisticated hackers have become.
“There were new revelations this quarter concerning complex nation-state cyber-attack campaigns targeting users and enterprise systems worldwide,” Raj Samani, chief scientist at McAfee, said in a press release. “Bad actors demonstrated a remarkable level of technical agility and innovation in tools and tactics. Criminals continued to adopt cryptocurrency mining to easily monetize their criminal activity.”
Of particular note was the rapid expansion of cryptojacking and other cryptocurrency mining attacks, in which criminals hijack victims’ browsers or infect their systems to mine for cryptocurrencies like Bitcoin—often without their knowledge. Coin miner malware grew a whopping 629% this year, growing from about 400,000 total known samples in Q4 2017 to more than 2.9 million in Q1 2018.
The rapid growth suggests that cybercriminals are drawn to the ease of infecting a user’s system and collecting the payments themselves, without having to rely on another party to monetize their attack, the report said.
“Cybercriminals will gravitate to criminal activity that maximizes their profit,” Steve Grobman, CTO at McAfee, said in the release. “In recent quarters we have seen a shift to ransomware from data-theft, as ransomware is a more efficient crime. With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”
However, cryptomining is far from the only cyberthreat that businesses need to keep on their radar and protect against. Here are five campaigns the report identified as wreaking major havoc in Q1.
1. Bitcoin-stealing campaigns
A cybercrime ring called Lazarus launched a sophisticated Bitcoin-stealing phishing campaign called HaoBao this year, targeting global financial institutions and Bitcoin users, the report found. The attack arrived as malicious email attachments which, when opened, would implant a tool that scanned for Bitcoin activity and established a connection for ongoing data gathering and cryptomining.
2. Gold Dragon attacks
In January, the Gold Dragon attack targeted organizers of the Pyeongchang Winter Olympics in South Korea. The fileless malware attack—executed via a malicious Microsoft Word attachment that contained a hidden PowerShell implant script—encrypted stolen data and sent it to the attackers.
3. GhostSecret and Bankshot attacks
The international cybercrime group known as Hidden Cobra is believed to be associated with Operation GhostSecret, an attack targeting the healthcare, finance, entertainment, and telecommunications sectors and stealing data. The latest variation of the attack, called Bankshot, uses an embedded Adobe Flash exploit to allow hackers to get into victims’ systems.
4. LNK exploits
The amount of malware that exploits LNK capabilities grew 59% from Q4 2017 to Q1 2018, the report found. Meanwhile, PowerShell attacks have slowed.
5. Gandcrab ransomware
Growth in new ransomware slowed by 32% in Q1. However, the Gandcrab strain infected some 50,000 systems in the first three weeks of the quarter alone, taking Locky’s place as the ransomware leader. Gandcrab uses advanced methodologies, such as requesting ransom payments through the Dash cryptocurrency rather than through Bitcoin, to extract more value from its targets.
Tips to protect your business
Despite the rise of new attack types, business leaders can take a number of steps to protect employees and data.
Cryptojacking is blocked by default in the Opera browser. Mozilla’s Firefox 63, due out in October, will block the attacks as well. Users can also download the minerBlock extension for Chrome and Firefox, as noted by TechRepublic contributor James Sanders.
Businesses can avoid the impact of ransomware by backing up files every day, and by taking other preventative steps.
Employee education remains paramount to any cybersecurity policy. Top ways to train employees to avoid cyberattacks include offering customized examples of threats that are relevant to an employee’s department and role (and particularly what phishing attacks look like), running unscheduled simulations of typical attacks, providing training models that employees can complete at their convenience, and rewarding those who take the proper actions.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Five new threat samples arose every second of Q1 2018. — McAfee, 2018
- Coin miner malware grew 629% in Q1 2018, to more than 2.9 million total known samples. — McAfee, 2018