Consumer cryptomining attacks increase 4,000 percent
We already know that cryptomining is currently the flavor of the month among malware creators, but a new report released today by Malwarebytes puts some startling figures on the problem.
On consumer systems, cryptomining detections were up a massive 4,000 percent in the last quarter, while ransomware detections fell 35 percent over the same period. For businesses, cryptomining detections rose 27 percent this quarter and ransomware detections 28 percent. However, spyware is still the cybercriminals' favourite choice, with over 80,000 detections in January alone.
"The main focus here is that criminals have moved towards cryptomining and drive-by mining in lieu of pushing out ransomware or spyware or adware," says Adam Kujawa, head of malware intelligence at Malwarebytes. "We've seen crypto mining increase 27 percent in businesses this quarter, as well as nearly 40 times more detections for Android miners. In March we saw 1,000 detections of miners for Macs."
Drive-by mining or cryptojacking saw a massive spike in activity in late 2017, coinciding with high cryptocurrency values. Since then, as ad blockers and security companies have started to detect and block Coinhive, criminals have gone to greater lengths to mask their code. The lowest number of drive-by cryptomining detections recorded in a single day was still over a million blocks.
In addition to persistent mining through pop-unders, criminals have found other ways to mine for long and uninterrupted periods of time. One is by using a booby-trapped browser extension that injects code into each web session. This is what happened to the Archive Poster extension, because one of its developers had his Google account credentials compromised.
Alongside the report Malwarebytes is launching its Endpoint Detection and Response (EDR) product. This allows organisations to proactively hunt for malware across all of their endpoints without the need for a dedicated resource. This increases the efficacy of protection and provides a lower total cost of ownership. A single console delivers greater security visibility and direct drill-downs to explore and instantly manage all security events. All this is accomplished with reduced hardware cost and a reduced server footprint.
If an endpoint is compromised, Malwarebytes isolates it in three ways. Network isolation restricts which processes can communicate. Process isolation controls which processes are allowed to keep functioning. Finally desktop isolation alerts the end user and halts further interaction to limit damage. With these three controls, malware is rendered incommunicado and remote attackers are locked out.