Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware
Analysis of vulnerability and threat trends shows cryptomining malware dominates threat landscape in the first half of 2018
SAN JOSE, Calif., July 18, 2018 (GLOBE NEWSWIRE) -- Skybox® Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.
The mid-year update explores trends observed from January to June of 2018. One of the most significant findings is the replacement of ransomware as the cybercriminal tool of choice with cryptomining malware. In the last six months of 2017, ransomware accounted for 32 percent of attacks, while malicious cryptominers accounted for seven percent. By the first half of 2018, the figures had switched almost exactly: malicious cryptominers accounted for 32 percent of attacks while ransomware dropped to eight percent.
"In the last few years, ransomware reigned supreme as the shortcut money-maker for cybercriminals," said Ron Davidson, Skybox CTO and vice president of R&D. "It doesn't require data exfiltration, just encryption to hold the data hostage and a ransom note of how the victim can pay up. With cryptominers, the criminals can go straight to the source and mine cryptocurrency themselves. There's no question of if they'll be paid or not."
Cryptomining uses the computational power of compromised assets to create new blocks in the blockchain of like Bitcoin and Monero. The malicious or unauthorized cryptomining approach indeed avoids several of the drawbacks of ransomware:
- The victim doesn't need to be notified of the attack in order to pay the ransom, so it can continue indefinitely in a stealth manner
- Cryptocurrency can be mined over long-periods of time, rather than the cybercriminal receiving a single lump-sum ransom payment
- There is no decision of payment on the part of the victim - the attack itself controls how much money will be generated.
"Ransomware received a lot of attention in years past, especially thanks to the likes of WannaCry, NotPetya and BadRabbit," said Skybox Director of Threat Intelligence Marina Kidron and leader of the Research Lab behind the report. "To some extent, organizations took note and put effective precautions in place, ensuring they had reliable back-ups and even thwarting attackers with decryption programs. So cybercriminals found - in cryptomining- a path of lesser resistance. The recent uptick in value of cryptocurrencies also made this an incredibly profitable attack option."
Other findings in the report appear to relate to this rise in cryptomining. Internet and mobile vulnerabilities made up nearly a third of all new vulnerabilities published in the first half of 2018. Google Android had by far the most vulnerabilities during that time period, exceeding the tally of the next five most vulnerable vendors combined. Android also logged 200 more vulnerabilities than it did in the second half of 2018. Malicious cryptomining has found an advantage in targeting the app store of the global market leader in mobile devices, with billions of potential targets worldwide.
Browser-based malware is also on the rise in the first half of 2018. "Out of all software today, web browsers are considered the most prone to malicious attacks," said Kidron. "They constantly interact with websites and applications that cybercriminals have infected with malware like cryptominers and other threats via the web, which are notoriously difficult to detect. The cryptomining malware could be active as long as the web session is active, and 'file-less' cryptominers also can hide from conventional security tools as there's no download or attachment to analyze."
No matter the payload, attackers looking to exploit vulnerabilities have more resources than ever. Not only are dark web market places rich with attack tools and services, and criminal forums ripe with information, vulnerabilities themselves have skyrocketed. New vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017 over the previous year, and 2018 looks to be on track to shatter even that record. The 2017 surge and continued elevated numbers is largely due to organizational improvements at MITRE and increased security research by vendors and third-parties, including vendor-sponsored bug bounty programs. But no matter the reason, organizations have to employ smarter and faster ways to find the signal in the noise and mitigate vulnerability risks before they're used in an attack.
Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by incorporating vulnerability and threat intelligence with the context of their assets, network and security controls. This way, remediation is targeted at the greatest areas of risk while leveraging all response options - patching as well as network-based changes.
About Skybox Research Lab
The Skybox Research Lab is team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.
For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.
About Skybox Security
Skybox provides the industry's broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 120 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world's largest organizations.
© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
Director of Brand and Communications
408-205-1618 | Tawnya.firstname.lastname@example.org
OneChocolate for Skybox Security
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk
Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de
France: Xavier Delhôme
+33 1 41 31 75 09 | email@example.com
A photo accompanying this announcement is available at http://www.globenewswire.com/NewsRoom/AttachmentNg/8c26e3be-8dd4-457a-b19b-becd7c28c469
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Skybox Security via Globenewswire
Om Nasdaq GlobeNewswire
One Liberty Plaza - 165 Broadway
NY 10006 New York
+1 212 401 8700http://www.nasdaqomx.com
NASDAQ (NASDAQ: NDAQ) is a leading provider of trading, exchange technology, information and public company services across six continents.
Følg saker fra Nasdaq GlobeNewswire
Registrer deg med din epostadresse under for å få de nyeste sakene fra Nasdaq GlobeNewswire på epost fortløpende. Du kan melde deg av når som helst.
Siste saker fra Nasdaq GlobeNewswire
GridGain Systems Named to Inc. 500 List of America’s Fastest-Growing Private Companies for Second Consecutive Year16.8.2018 09:00 | Pressemelding
GridGain Ranks 17th among Software Companies, 13th in San Francisco Metro Area FOSTER CITY, Calif., Aug. 16, 2018 (GLOBE NEWSWIRE) -- GridGain Systems, provider of enterprise-grade in-memory computing solutions based on Apache® Ignite™, today announced it has been named to the 37th annual Inc. 500 list, a highly regarded ranking of the nation’s fastest-growing private companies. This is the second year in a row GridGain has been named to the list. GridGain’s rank of 158 on this year’s Inc. 500 list is up from number 187 last year. The company is ranked 17th among software companies, 13th in the San Francisco metro area, and 37th in the state of California. The Inc. 500 represents a unique look at the most successful companies within the American economy’s most dynamic segment – its independent small and midsized businesses. GridGain provides an in-memory computing platform that delivers speed, scale and high availability to data-intensive applications. Built on a memory-centric archite
Perceptyx Named One of America’s Fastest Growing Companies for the 4th Consecutive Year16.8.2018 05:37 | Pressemelding
INC 5000 award recognizes Perceptyx’s continued innovation and partnership with many of the world’s best companies SAN DIEGO, Aug. 15, 2018 (GLOBE NEWSWIRE) -- For the 4th consecutive year, Perceptyx has made the prestigious INC 5000 list of America’s fastest growing private companies. A recognized leader in people analytics, Perceptyx specializes in facilitating organizational change through the strategic use of employee surveys and management consulting. Longtime partners with many of the world's largest organizations, Perceptyx is uniquely capable of delivering insights across heavily distributed organizations with complex hierarchies in a way that’s as unique as an organization’s culture and brand. “We’re proud to be recognized among America’s fastest growing companies again,” says John Borland, Co-founder and CEO of Perceptyx. “We believe that our clients are the real heroes of their organizations. It has been our honor to help so many of the world’s best companies realize their g
Bombardier Establishes Automatic Securities Disposition Plan15.8.2018 22:48 | Pressemelding
Not for distribution to U.S. news wire services or public dissemination in the United States Plan permits sales of vested shares earned by certain senior executives in accordance with predetermined instructions Plan reinforces the incentive effect of performance-based compensation by allowing for the sale of shares on the open market over a period of up to two years at prevailing market prices, regardless of any subsequent material non-public information participants may receive Plan participants must satisfy Bombardier’s minimum stock ownership guidelines for senior executives MONTRÉAL, Aug. 15, 2018 (GLOBE NEWSWIRE) -- Bombardier announced today that it has established an automatic securities disposition plan (“ASDP”) in accordance with applicable Canadian provincial securities legislation. The ASDP allows for the exercise and sale of vested securities earned by certain senior executives of Bombardier as part of their overall performance-based compensation. Under Canadian securities
Cisco Reports Fourth Quarter and Fiscal Year 2018 Earnings15.8.2018 22:05 | Pressemelding
• Q4 Results: Revenue: $12.8 billion ▪ Increase of 6% year over year ▪ Recurring revenue was 32% of total revenue, up 1 point year over year Earnings per Share: GAAP: $0.81; Non-GAAP: $0.70 ▪ Non-GAAP EPS increased 15% year over year • FY 2018 Results: Revenue: $49.3 billion; increase of 3% year over year Earnings per Share: GAAP: $0.02; Non-GAAP: $2.60 ▪ Non-GAAP EPS increased 9% year over year ▪ GAAP results include a $10.4 billion charge related to the enactment of the Tax Cuts and Jobs Acts • Q1 FY 2019 Guidance: Revenue: 5% to 7% growth year over year Earnings per Share: GAAP: $0.69 to $0.74; Non-GAAP: $0.70 to $0.72 SAN JOSE, Calif., Aug. 15, 2018 (GLOBE NEWSWIRE) -- Cisco today reported fourth quarter and fiscal year results for the period ended July 28, 2018. Cisco reported fourth quarter revenue of $12.8 billion, net income on a generally accepted accounting principles (GAAP) basis of $3.8 billion or $0.81 per share, and non-GAAP net income of $3.3 billion or $0.70 per share.
Williams Scotsman Completes ModSpace Acquisition15.8.2018 22:05 | Pressemelding
BALTIMORE, Aug. 15, 2018 (GLOBE NEWSWIRE) -- WillScot Corporation (Nasdaq: WSC) (“Williams Scotsman”), the leading specialty rental services provider of innovative modular space and portable storage solutions across North America, today announced that it has completed its acquisition of Modular Space Holdings, Inc. (“ModSpace”) for a total purchase price of approximately $1.2 billion. With the addition of ModSpace, Williams Scotsman now manages over 160,000 modular space and portable storage units serving an even broader customer base from over 120 locations across the United States, Canada and Mexico. The acquisition also expands the breadth and depth of its Ready to Work solutions to existing and incremental customers and markets. Brad Soultz, President and Chief Executive Officer of Williams Scotsman, commented, “We are pleased to confirm the completion of this transformational acquisition and would like to thank our collective customers, employees, and stakeholders for their suppor
Algeco Announces Second Quarter 2018 Financial Results Conference Call and Change to Reporting in Euro15.8.2018 18:00 | Pressemelding
BALTIMORE, Aug. 15, 2018 (GLOBE NEWSWIRE) -- Algeco Investments B.V. (together with its subsidiaries, “Algeco”), the leading global business services provider of modular space, secure portable storage solutions and remote workforce accommodations, today announced that it will hold its second quarter 2018 financial results conference call on Wednesday, August 29, 2018 at 10:00 a.m., Eastern Time. To access the call, please dial (847) 585-4422 or (888) 424-8151 (US toll free) and enter participant PIN code 6638830# approximately ten minutes prior to the start of the call. You will be placed on hold until the event begins. The conference call will also be broadcast over the internet with an accompanying slide presentation. To join the web conference, go to http://web.meetme.net/r.aspx?p=2&a=UTiLPVrenccJZd. Please enter your name, email address and company to join the call. The customer service team can be reached at any time by pressing *0 on your telephone keypad. Prior to the call, the
I vårt presserom finner du alle våre siste saker, kontaktpersoner, bilder, dokumenter og annen relevant informasjon om oss.Besøk vårt presserom