Cryptojacking tops in the attacker toolkit arsenal

cyber-crime-600

During the past year, an astronomical rise in cryptocurrency values triggered a cryptojacking gold rush with cyber criminals attempting to cash in on a volatile market. Detections of coinminers on endpoint computers increased by 8,500 percent in 2017. India ranks second in Asia-Pacific Japan (APJ) region, ninth globally in terms of crypto mining activities

Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded, according to Symantec’s Internet Security Threat Report (ISTR), Volume 23.

“Cryptojacking is a rising threat to cyber and personal security,” said Tarun Kaura, Director, Enterprise Security Product Management, Asia Pacific and Japan, Symantec. “The massive profit incentive puts people, devices and organizations at risk of unauthorized coinminers siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”

Symantec’s ISTR provides a comprehensive view of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers. The report analyzes data from the Symantec Global Intelligence Network, the largest civilian threat collection network in the world, records events from 126.5 million attack sensors worldwide and monitors threat activities in over 157 countries and territories. Key highlights include:

 Cryptojacking Attacks Explode by 8,500 Percent

During the past year, an astronomical rise in cryptocurrency values triggered a cryptojacking gold rush with cyber criminals attempting to cash in on a volatile market. Detections of coinminers on endpoint computers increased by 8,500 percent in 2017. India ranks second in Asia-Pacific Japan (APJ) region, ninth globally in terms of crypto mining activities.

With a low barrier of entry – only requiring a couple lines of code to operate – cyber criminals are harnessing stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. Coinminers can slow devices, overheat batteries, and in some cases, render devices unusable. For enterprise organizations, coinminers can put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.

“Now you could be fighting for resources on your phone, computer or IoT device as attackers use them for profit,” added Tarun. “People need to expand their defenses or they will pay for the price for someone else using their device.”

IoT devices continue to be ripe targets for exploitation. Symantec found a 600 percent increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse. Macs are not immune either with Symantec detecting an 80 percent increase in coin mining attacks against Mac OS. By leveraging browser-based attacks, criminals do not need to download malware to a victim’s Mac or PC to carry out cyber attacks. India ranks among the top five countries as source for IoT attacks.