Cryptojacking Skyrocketed By 629% In Q1 2018 – McAfee Labs Threats Report

Crime, News | July 6, 2018

The number of crypto mining malware samples grew by 629 percent in the first quarter of 2018, according to a new report from cybersecurity firm McAfee.

In its recently published Threats Report, McAfee reported that crypto mining malware grew by 629 percent in Q1 2018, rocketing from around 400,000 total known samples in Q4 2017 to over 2.9 million the next quarter.

“This suggests that cybercriminals are warming to the prospect of monetizing infections of user systems without prompting victims to make payments, as is the case with popular ransomware schemes,” the report said. “Compared with well-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler, more straightforward, and less risky. All criminals must do is infect millions of systems and start monetizing the attack by mining for cryptocurrencies on victims’ systems. There are no middlemen, there are no fraud schemes, and there are no victims who need to be prompted to pay and who, potentially, may back up their systems in advance and refuse to pay.”

McAfee also reported that the international cybercrime group known as Lazarus resurfaced in Q1 2018, this time with a highly sophisticated and complex cryptocurrency scheme known as HaoBao, which targets global financial organizations and bitcoin users. HaoBao uses the same malicious document structure and similar job recruitment ads as previous Lazarus campaigns.

“When recipients open malicious attachments, an implant scans for bitcoin activity and establishes an implant for persistent data gathering,” the report said. “These techniques bear a strong similarity to other attacks that are believed to have been perpetrated by Lazarus. We expect to see cryptocurrency mining campaigns gain more traction and perhaps even overtake ransomware. Cybercriminals find campaigns such as HaoBao to be highly advantageous because they are more profitable and more difficult to detect with no apparent damage being done.”

McAfee Labs counted 313 publicly disclosed security incidents in Q1 2018, a 41 percent increase over Q4. Incidents involving multiple sectors (37) and those targeting multiple regions (120) were the leading types of incidents in Q1. Incidents in the healthcare space rose 47 percent, while attacks on education and finance went up by 40 percent and 39 percent, respectively. In finance, the attacks were not always region-specific, as was the case in previous years, but McAfee identified activity in Russia and related reconnaissance efforts in Turkey and South America.

“Cybercriminals will gravitate to criminal activity that maximizes their profit,” said Steve Grobman, chief technology officer at McAfee. “In recent quarters we have seen a shift to ransomware from data-theft, as ransomware is a more efficient crime. With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”