Five million users attacked

In Analyst Corner

The global outbreak in malicious cryptocurrency mining that unfolded in 2018 saw the number of attacks increase by more than 83%, with over five million users attacked online in the first three quarters of the year, compared to 2.7 million over the same period in 2017. The major driver behind the crypto gold rush was the installation and use of unlicensed software and content, according to Kaspersky Lab.

In 2018, malicious cryptocurrency mining prevailed over the main threat of the last few years: ransomware. The number of internet users attacked by malicious cryptocurrency mining software increased steadily during the first half of the year, peaking in March, with around 1.2 million users a month coming under attack.

Kaspersky Lab experts have investigated the economic background of the sudden onset of crypto-mining fever to discover what drove the global distribution of this threat. They analyzed the regulatory landscape, electricity prices in the top 10 countries targeted by crypto miners and main infection vectors for the popular malware families.

The analysis shows that neither cryptocurrency legislation nor the cost of power has a significant impact on the spread of malicious mining malware. However, the investigation of malware families reveals that they mainly infected devices by duping users into installing pirated software and unlicensed content.

“Our analysis of the economic background of malicious crypto mining and the reasons for its widespread presence in certain regions revealed a clear correlation: the easier it is to distribute unlicensed software, the more incidents of malicious crypto miner activity were detected. In short, an activity not generally perceived as dangerous: the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious crypto mining,” notes Evgeny Lopatin, security expert at Kaspersky Lab.

Other key findings from the report include:

  • The total number of users who encountered miners rose by more than 83%from 2,726,491 in 2017 to 5,001,414 in 2018;
  • The share of miners detected, from the overall number of threats detected also grew, from 5%in 2017 to 8% in 2018;
  • The share of miners detected, from the overall risk tool detections is also on the rise – from 9%in 2017 to 17% in 2018;
  • The total number of users who encountered mobile miners also grew, increasing by over five timesfrom 1,986 in 2017 to 10,242 in 2018.

To reduce the risk of infection with miners, consumers and businesses are advised to:

Always keep software updated on all the devices you use. To prevent miners from exploiting vulnerabilities, use tools that can automatically detect vulnerabilities and download and install patches.

For personal devices, use a reliable consumer security solution and remember to keep key features – such as System Watcher – switched on.

Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines. As the miner that relied on the EternalBlue exploit shows, such equipment can also be hijacked to mine cryptocurrency.

Use application control to track malicious activity in legitimate applications. Specialized devices should be in Default Deny mode. Use dedicated security solution, such as Kaspersky Endpoint Security for Business that includes these functions.

To protect the corporate environment, educate your employees and IT teams, keep sensitive data separate, and restrict access.

Comments

You may also read!

Five indicators that ascertain an impending ransomware attack

Peter Mackenzi, Global Malware Escalations Manager,Sophos, highlights the five indicators that point to an impending ransomware attack on any

Read More...

ESET to highlight KrØØk and Stantinko at Black Hat USA 2020

ESET, will highlight its latest research during Black Hat USA 2020. ESET researchers Robert Lipovský, Štefan Svorenčík and Vladislav

Read More...

Actionable DDoS Weapons Intelligence: a proactive way to successfully defend against DDoS attacks

Ehab Halablab, Regional Sales Director – Middle East at A10 Networks, emphasizes on the need to deploy Actionable DDoS

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu