Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware
Analysis of vulnerability and threat trends shows cryptomining malware dominates threat landscape in the first half of 2018
SAN JOSE, Calif., July 18, 2018 (GLOBE NEWSWIRE) -- Skybox® Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.
The mid-year update explores trends observed from January to June of 2018. One of the most significant findings is the replacement of ransomware as the cybercriminal tool of choice with cryptomining malware. In the last six months of 2017, ransomware accounted for 32 percent of attacks, while malicious cryptominers accounted for seven percent. By the first half of 2018, the figures had switched almost exactly: malicious cryptominers accounted for 32 percent of attacks while ransomware dropped to eight percent.
"In the last few years, ransomware reigned supreme as the shortcut money-maker for cybercriminals," said Ron Davidson, Skybox CTO and vice president of R&D. "It doesn't require data exfiltration, just encryption to hold the data hostage and a ransom note of how the victim can pay up. With cryptominers, the criminals can go straight to the source and mine cryptocurrency themselves. There's no question of if they'll be paid or not."
Cryptomining uses the computational power of compromised assets to create new blocks in the blockchain of cryptocurrencies like Bitcoin and Monero. The malicious or unauthorized cryptomining approach indeed avoids several of the drawbacks of ransomware:
- The victim doesn't need to be notified of the attack in order to pay the ransom, so it can continue indefinitely in a stealth manner
- Cryptocurrency can be mined over long periods of time, rather than the cybercriminal receiving a single lump-sum ransom payment
- There is no decision of payment on the part of the victim - the attack itself controls how much money will be generated.
"Ransomware received a lot of attention in years past, especially thanks to the likes of WannaCry, NotPetya and BadRabbit," said Skybox Director of Threat Intelligence Marina Kidron and leader of the Research Lab behind the report. "To some extent, organizations took note and put effective precautions in place, ensuring they had reliable back-ups and even thwarting attackers with decryption programs. So cybercriminals found - in cryptomining - a path of lesser resistance. The recent uptick in value of cryptocurrencies also made this an incredibly profitable attack option."
Other findings in the report appear to relate to this rise in cryptomining. Internet and mobile vulnerabilities made up nearly a third of all new vulnerabilities published in the first half of 2018. Google Android had by far the most vulnerabilities during that time period, exceeding the tally of the next five most vulnerable vendors combined. Android also logged 200 more vulnerabilities than it did in the second half of 2018. Malicious cryptomining has found an advantage in targeting the app store of the global market leader in mobile devices, with billions of potential targets worldwide.
Browser-based malware is also on the rise in the first half of 2018. "Out of all software today, web browsers are considered the most prone to malicious attacks," said Kidron. "They constantly interact with websites and applications that cybercriminals have infected with malware like cryptominers and other threats via the web, which are notoriously difficult to detect. The cryptomining malware could be active as long as the web session is active, and 'file-less' cryptominers also can hide from conventional security tools as there's no download or attachment to analyze."
No matter the payload, attackers looking to exploit vulnerabilities have more resources than ever. Not only are dark web marketplaces rich with attack tools and services, and criminal forums ripe with information, vulnerabilities themselves have skyrocketed. New vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017 over the previous year, and 2018 looks to be on track to shatter even that record. The 2017 surge and continued elevated numbers are largely due to organizational improvements at MITRE and increased security research by vendors and third parties, including vendor-sponsored bug bounty programs. But no matter the reason, organizations have to employ smarter and faster ways to find the signal in the noise and mitigate vulnerability risks before they're used in an attack.
Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by incorporating vulnerability and threat intelligence with the context of their assets, network and security controls. This way, remediation is targeted at the greatest areas of risk while leveraging all response options - patching as well as network-based changes.
About Skybox Research Lab
The Skybox Research Lab is a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.
For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.
About Skybox Security
Skybox provides the industry's broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 120 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world's largest organizations.
© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
Director of Brand and Communications
408-205-1618 | Tawnya.email@example.com
OneChocolate for Skybox Security
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk
Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de
France: Xavier Delhôme
+33 1 41 31 75 09 | firstname.lastname@example.org
A photo accompanying this announcement is available at http://www.globenewswire.com/NewsRoom/AttachmentNg/8c26e3be-8dd4-457a-b19b-becd7c28c469
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Skybox Security via Globenewswire