Analysis of vulnerability and threat trends shows cryptomining malware dominates threat landscape in the first half of 2018
One of the most significant findings in Skybox Security’s Vulnerability and Threat Trends Report, is the replacement of ransomware as the cybercriminal tool of choice with cryptomining malware, malicious cryptominers accounted for 32 percent of attacks while ransomware dropped to eight percent.
“In the last few years, ransomware reigned supreme as the shortcut money-maker for cybercriminals,” said Ron Davidson, Skybox CTO and Vice President of R&D. “It doesn’t require data exfiltration, just encryption to hold the data hostage and a ransom note of how the victim can pay up. With cryptominers, the criminals can go straight to the source and mine cryptocurrency themselves. There’s no question of if they’ll be paid or not.”
“Ransomware received a lot of attention in years past, special thanks to the likes of WannaCry, NotPetya and BadRabbit,” said Skybox Director of Threat Intelligence Marina Kidron and leader of the Research Lab behind the report. “To some extent, organizations took note and put effective precautions in place, ensuring they had reliable back-ups and even thwarting attackers with decryption programs. So cybercriminals found — in cryptomining— a path of lesser resistance. The recent uptick in value of cryptocurrencies also made this an incredibly profitable attack option.”
Google Android had by far the most vulnerabilities in the first half of 2018, exceeding the tally of the next five most vulnerable vendors combined. Android also logged 200 more vulnerabilities than it did in the second half of 2018. Malicious cryptomining has found an advantage in targeting the app store of the global market leader in mobile devices, with billions of potential targets worldwide.
New vulnerabilities catalogued by MITRE’s National Vulnerability Database doubled in 2017 over the previous year, and 2018 looks to be on track to shatter even that record. The 2017 surge and continued elevated numbers is largely due to organizational improvements at MITRE and increased security research by vendors and third–parties, including vendor–sponsored bug bounty programs. But no matter the reason, organizations have to employ smarter and faster ways to find the signal in the noise and mitigate vulnerability risks before they’re used in an attack.
