Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware
Analysis of vulnerability and threat trends shows cryptomining malware dominates threat landscape in the first half of 2018
SAN JOSE, Calif., July 18, 2018 (GLOBE NEWSWIRE) -- Skybox® Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.
The mid-year update explores trends observed from January to June of 2018. One of the most significant findings is the replacement of ransomware as the cybercriminal tool of choice with cryptomining malware. In the last six months of 2017, ransomware accounted for 32 percent of attacks, while malicious cryptominers accounted for seven percent. By the first half of 2018, the figures had switched almost exactly: malicious cryptominers accounted for 32 percent of attacks while ransomware dropped to eight percent.
"In the last few years, ransomware reigned supreme as the shortcut money-maker for cybercriminals," said Ron Davidson, Skybox CTO and vice president of R&D. "It doesn't require data exfiltration, just encryption to hold the data hostage and a ransom note of how the victim can pay up. With cryptominers, the criminals can go straight to the source and mine cryptocurrency themselves. There's no question of if they'll be paid or not."
Cryptomining uses the computational power of compromised assets to create new blocks in the blockchain of like Bitcoin and Monero. The malicious or unauthorized cryptomining approach indeed avoids several of the drawbacks of ransomware:
- The victim doesn't need to be notified of the attack in order to pay the ransom, so it can continue indefinitely in a stealth manner
- Cryptocurrency can be mined over long-periods of time, rather than the cybercriminal receiving a single lump-sum ransom payment
- There is no decision of payment on the part of the victim - the attack itself controls how much money will be generated.
"Ransomware received a lot of attention in years past, especially thanks to the likes of WannaCry, NotPetya and BadRabbit," said Skybox Director of Threat Intelligence Marina Kidron and leader of the Research Lab behind the report. "To some extent, organizations took note and put effective precautions in place, ensuring they had reliable back-ups and even thwarting attackers with decryption programs. So cybercriminals found - in cryptomining- a path of lesser resistance. The recent uptick in value of cryptocurrencies also made this an incredibly profitable attack option."
Other findings in the report appear to relate to this rise in cryptomining. Internet and mobile vulnerabilities made up nearly a third of all new vulnerabilities published in the first half of 2018. Google Android had by far the most vulnerabilities during that time period, exceeding the tally of the next five most vulnerable vendors combined. Android also logged 200 more vulnerabilities than it did in the second half of 2018. Malicious cryptomining has found an advantage in targeting the app store of the global market leader in mobile devices, with billions of potential targets worldwide.
Browser-based malware is also on the rise in the first half of 2018. "Out of all software today, web browsers are considered the most prone to malicious attacks," said Kidron. "They constantly interact with websites and applications that cybercriminals have infected with malware like cryptominers and other threats via the web, which are notoriously difficult to detect. The cryptomining malware could be active as long as the web session is active, and 'file-less' cryptominers also can hide from conventional security tools as there's no download or attachment to analyze."
No matter the payload, attackers looking to exploit vulnerabilities have more resources than ever. Not only are dark web market places rich with attack tools and services, and criminal forums ripe with information, vulnerabilities themselves have skyrocketed. New vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017 over the previous year, and 2018 looks to be on track to shatter even that record. The 2017 surge and continued elevated numbers is largely due to organizational improvements at MITRE and increased security research by vendors and third-parties, including vendor-sponsored bug bounty programs. But no matter the reason, organizations have to employ smarter and faster ways to find the signal in the noise and mitigate vulnerability risks before they're used in an attack.
Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by incorporating vulnerability and threat intelligence with the context of their assets, network and security controls. This way, remediation is targeted at the greatest areas of risk while leveraging all response options - patching as well as network-based changes.
About Skybox Research Lab
The Skybox Research Lab is team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.
For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.
About Skybox Security
Skybox provides the industry's broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 120 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world's largest organizations.
© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
Director of Brand and Communications
408-205-1618 | Tawnya.firstname.lastname@example.org
OneChocolate for Skybox Security
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk
Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de
France: Xavier Delhôme
+33 1 41 31 75 09 | email@example.com
A photo accompanying this announcement is available at http://www.globenewswire.com/NewsRoom/AttachmentNg/8c26e3be-8dd4-457a-b19b-becd7c28c469
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Skybox Security via Globenewswire
One Liberty Plaza - 165 Broadway
NY 10006 New York
GlobeNewswire is one of the world's largest newswire distribution networks, specializing in the delivery of corporate press releases financial disclosures and multimedia content to the media, investment community, individual investors and the general public.
Følg saker fra GlobeNewswire
Registrer deg med din epostadresse under for å få de nyeste sakene fra GlobeNewswire på epost fortløpende. Du kan melde deg av når som helst.
Siste saker fra GlobeNewswire
WillScot Announces Appointment of General Counsel17.6.2019 22:29:00 CEST | Pressemelding
BALTIMORE, June 17, 2019 (GLOBE NEWSWIRE) -- WillScot Corporation (“WillScot”) (Nasdaq: WSC) today announced the appointment of Mr. Hezron Timothy Lopez to serve as the Company’s Vice President, General Counsel & Corporate Secretary, effective June 17, 2019. Mr. Lopez joins WillScot after having served from 2012 to 2018 as Senior Vice President, General Counsel and Corporate Secretary of Herman Miller, Inc., a Nasdaq-listed manufacturer of home and office furniture. From 2008 to 2012, Mr. Lopez served as Associate General Counsel and Head of Merger & Acquisition, Commercial and International for A. O. Smith Corporation, a manufacturer of water heating equipment and water treatment products. About WillScot Corporation Headquartered in Baltimore, Maryland, WillScot (Nasdaq: WSC) is the public holding company for the Williams Scotsman family of companies and is the specialty rental services market leader providing innovative modular space and portable storage solutions across North Americ
Cineworld Group and Cinionic Strike 1,000+ Unit Deal to Roll Out Acclaimed Barco Laser Projectors to Theaters Worldwide17.6.2019 18:05:00 CEST | Pressemelding
Cineworld embarks on global renewal with Cinionic, powered by award-winning projection portfolio and enhanced services KORTRIJK, Belgium, June 17, 2019 (GLOBE NEWSWIRE) -- Cinionic, the Barco, CGS, and ALPD cinema joint venture providing a new visual standard with enhanced services and technology solutions, announces a significant expansion in its relationship with one of the world’s largest theater chains, Cineworld Group plc (LON:CINE), to continue delivering an elevated movie-going experience for audiences worldwide. Cinionic will illuminate Cineworld Group operated theaters in the U.S., EU and UK with enhanced services and award-winning portfolio of Barco laser projectors, including the newly launched Barco Series 4. Over the next 18 months, Cineworld will upgrade and deploy over 1,000 projectors worldwide with Barco Laser solutions to deliver a new visual standard in cinema, supported by Barco Alchemy media servers and maintained for the next decade through Cinionic’s enhanced ser
Rock Tech Engages KBM Resources Group for LiDAR Survey at Georgia Lake17.6.2019 14:15:00 CEST | Pressemelding
VANCOUVER, British Columbia, June 17, 2019 (GLOBE NEWSWIRE) -- Rock Tech Lithium Inc. (the "Company" or “Rock Tech”) (TSX-V: RCK; Frankfurt: RJIB) is pleased to announce that it has engaged KBM Resources Group (“KBM”) to complete a LiDAR and high-resolution imagery survey at its 100%-owned Georgia Lake lithium project in Ontario, Canada. The aerial acquisition of LiDAR and digital photography will cover the Nama Creek main zone and adjacent areas of the Georgia Lake lithium project. The LiDAR survey, with a relatively high resolution of 10 laser points per square metre and an absolute accuracy of 10 cm vertical and 20 cm horizontal, will produce LAS files with classified ground points including a bare earth model and georeferenced orthoimagery. “The ideal time to fly this survey is after the snow melt and before leaf-out,” commented Martin Stephan, Rock Tech’s Chief Executive Officer. “These conditions, combined with a favourable regional weather forecast, shall make for a successful L
Carpenter Technology and Israel Aerospace Industries Announce Collaboration to Produce Commercial Aircraft Additive Parts17.6.2019 14:00:00 CEST | Pressemelding
Le Bourget, FRANCE, June 17, 2019 (GLOBE NEWSWIRE) -- Carpenter Technology Corporation (NYSE: CRS) and Israel Aerospace Industries (IAI) today announced their collaboration to produce additively manufactured components for a serial production commercial aircraft. This collaboration will result in IAI’s first metallic additively-produced parts, which are expected to provide significant manufacturing benefits and lay the groundwork for future design improvements and enhancements. IAI is working closely with Israel’s Civil Aviation Authority for approval of the parts, which when accomplished will represent the first time this technology has been approved for commercial use in Israel. Carpenter Technology, through its Carpenter Additive business unit, is producing the parts and providing supporting information to assist with their approval. “Together, Carpenter Additive and IAI are pioneering the use of this technology for new platforms and applications,” said Marshall Akins, Carpenter Tec
Major HAProxy Releases Increase Support for Cloud-Native and Containerized Application Architectures17.6.2019 14:00:00 CEST | Pressemelding
Key Community Releases Include HAProxy 2.0, HAProxy Data Plane API and HAProxy Kubernetes Ingress Controller WALTHAM, Mass., June 17, 2019 (GLOBE NEWSWIRE) -- HAProxy Technologies, provider of the world’s fastest and most widely-used software load balancer, today announced that the HAProxy community has released HAProxy 2.0 and several other key products that make it easier to extend, configure and manage HAProxy in cloud-native and containerized environments. The company also announced its inaugural community user conference, HAProxyConf 2019, which will take place in Amsterdam, Netherlands on November 12th and 13th, 2019. “The release of HAProxy 2.0 along with the new HAProxy Data Plane API and HAProxy Kubernetes Ingress Controller mark the culmination of a significant re-architecture of HAProxy to add the flexibility and features needed to optimize support for modern application architectures,” said Willy Tarreau, HAProxy community lead and HAProxy Technologies CTO. “I am extremely
Brookfield Asset Management Announces Results of Annual and Special Meeting of Shareholders17.6.2019 12:55:00 CEST | Pressemelding
BROOKFIELD, NEWS, June 17, 2019 (GLOBE NEWSWIRE) -- Brookfield Asset Management Inc. (TSX: BAM.A, NYSE: BAM, Euronext: BAMA) today announced that at the company’s annual and special meeting of shareholders held on June 14, 2019 in Toronto, over 85% of Class A Limited Voting Shares (“Class A Shares”) voted in favour of a new management share option plan. In addition, at the meeting all eight nominees proposed for election to the board of directors by holders of Class A Shares and all eight nominees proposed for election to the board of directors by the holder of Class B Limited Voting Shares (“Class B Shares”) were elected. Detailed results of the vote for the election of directors are set out below. Management received the following proxies from holders of Class A Shares in regard to the election of the eight directors nominated by this shareholder class: Director Nominee Votes For % Votes Withheld % M. Elyse Allan 731,503,129 99.60 2,926,448 0.40 Angela F. Braly 730,750,957 99.50 3,67