Cybercrime Tactics and Techniques first quarter 2018 report is out and reveals a boom in crypto mining operations aimed at consumers as reported by infosecurity-magazine.
Cyrbermining Skyrockets in Consumer Sphere
According to statistics gathered by Malwarebytes in the report, Android crypto-miners have increased by 4000% since the beginning of 2018. With consumer detection at around 16 million by March, while ransomware was down 35% from the previous quarter. A trend that shows cyber-criminals are favoring crypto-jacking this year over ransomware.
Though businesses didn’t experience the same kind of numbers that consumers did, they were still hit hard with 55,000 detections reported in February, a 27% increase over the last quarter in 2017. Crypto mining can seriously hamper companies as they put a drain on resources, slow productivity, increase energy costs and jeopardize security.
Crypto-jacking also known as drive-by mining saw a massive uptick in activity in late 2017 as cryptocurrency values spiked. Since then a competition between ad blockers and security companies set on detecting and blocking the malware, and criminals working to mask their code, has erupted. Malwarebytes reported that the lowest number of crypto mining detections in a single day was still over a million blocks.
As the persistence of mining through pop-unders has long been identified, black hats have created alternatives for mining undetected and for long periods of time. One method that has become popular is using browser extensions which inject code into each web session.
Mining infections are not only a drain on computing resources but even for the consumer can lead to more serious problems including information theft, installed ransomware, and system hijacking.
Head of malware intelligence at Malwarebytes Adam Kujawa commented on the growing trend saying,
“The main focus here is that criminals have moved towards cryptomining and drive-by mining in lieu of pushing out ransomware or spyware or adware,”
Adware Remains Number One Threat
The increase in drive-by mining hasn’t resulted in a decrease of other parasitic infections. The number one threat for consumers remains adware, while spyware is still the biggest problem for business though percentage wise they are both falling.
Other scams and red flags of note still exist. Malrwarebytes reported that phishing emails continue to appear as if from legitimate sources only to lead the browser to malware. Cryptocurrency themed tech support scams targeting customer wallet information using social media and blackhat SEO practices are ever increasing.
Recent social media bans by companies like Facebook and Twitter on cryptocurrency related ads and services are expected to cut down on the number of consumers lured into clicking on infected links according to the report. However this fails to consider the fact that many social media platforms still freely allow rogue user accounts to disseminate scams.
Image from Shutterstock