Cryptojacking attacks increase by 8500%: Symantec
UAE has the third highest number of cryptominers in MEA region, while KSA ranks first regionally
Cybercriminals are diversifying into the more lucrative cryptomining as the traditional hacking marketplace tightens.
Symantec's Internet Security Threat Report (ISTR), Volume 23 reveals that cryptojacking has emerged as a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded. Cryptojacking is the unauthorised use of one’s computing resources for mining of cryptocurrencies.
Hussam Sidani, regional manager for Gulf, Symantec, says cryptojacking is a rising threat to cyber and personal security. “The massive profit incentive puts people, devices and organisations at risk of unauthorised coinminers siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centres,” he adds.
The UAE’s 2017 Internet Security Threat Profile improved globally with the country dropping from its world rank of 51 in 2016 to 52 in 2017. However, in the Middle East and Africa (MEA), UAE jumped from its 10th regional rank to 9th this year. The 2017 regional threat ranking is based on eight metrics that represent the main sources of threats: malware (malicious code), spam, phishing hosts, bots, network attacks, web attacks, ransomware and cryptominers. In the past year, the UAE primarily faced threats from cryptominers, ransomware and malware.
During the past year, an astronomical rise in cryptocurrency values triggered a cryptojacking gold rush with cyber criminals attempting to cash in on a volatile market. Detections of coinminers on endpoint computers increased by 8,500% in 2017.
In the MEA region, UAE had the third highest share of cryptominers, while Saudi Arabia ranked first, according to Symantec’s ISTR. Globally, U.S. had the largest global share of all cryptomining detections in 2017 (24.47%), followed by Japan and Germany.
With a low barrier of entry – only requiring a couple lines of code to operate – cyber criminals are harnessing stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. Coinminers can slow devices, overheat batteries, and in some cases, render devices unusable. For enterprises, coinminers can put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.
IoT devices continue to be ripe targets for exploitation. Symantec found a 600% increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse.
Traditional hacking remains potent, however.
The number of targeted attack groups is still on the rise with Symantec now tracking 140 organised groups. Last year, 71% of all targeted attacks started with spear phishing – the oldest trick in the book – to infect their victims. As targeted attack groups continue to leverage tried and true tactics to infiltrate organisations, the use of zero-day threats is falling out of favour. Only 27% of targeted attack groups have been known to use zero-day vulnerabilities at any point in the past.
The security industry has long discussed what type of destruction might be possible with cyber-attacks. This conversation has now moved beyond the theoretical, with one in ten targeted attack groups using malware designed to disrupt.
For instance, the FBI issued a warning just last week that hackers previously intruded on critical American systems, including U.S. power grids, with the potential to disrupt the running of these plants. Closer to home, a petrochemical plant in Saudi Arabia was attacked specifically for sabotage and to potentially trigger an explosion in August 2017.
In 2016, the profitability of ransomware led to a crowded market. In 2017, the market made a correction, lowering the average ransom cost to $522 and signalling that ransomware has become a commodity. Many cyber criminals may have shifted their focus to coin mining as an alternative to cashing in while cryptocurrency values are high. Additionally, while the number of ransomware families decreased, the number of ransomware variants increased by 46%, indicating that criminal groups are innovating less but are still very productive.
UAE was the sixth most targeted country in MEA for ransomware attacks, down four spots from 2016. Saudi Arabia again experienced the highest number of ransomware detections in the region, maintaining its leading ranking in MEA. Globally, UAE ranked 41st with 0.30% of ransomware attacks detected worldwide. KSA stood at the 25th spot, with 0.61% of global detections.
Symantec identified a 200% increase in attackers injecting malware implants into the software supply chain in 2017. That’s equivalent to one attack every month as compared to four attacks the previous year. Hijacking software updates provides attackers with an entry point for compromising well-guarded networks. The Petya outbreak was the most notable example of a supply chain attack. After using Ukrainian accounting software as the point of entry, Petya used a variety of methods to spread laterally across corporate networks to deploy its malicious payload.
One in every 238 emails sent to organisations in the UAE contained malware, much higher than the global average of one in 412. Large organisations (more than 2,501 employees) continued to be plagued by malicious email, with one in every 76 emails containing a malicious attachment or URL. Construction, transportation and public utilities, and services were the leading industries to receive malicious email.
Threats in the mobile space continue to grow year-over-year, including the number of new mobile malware variants which increased by 54%. Symantec blocked an average of 24,000 malicious mobile applications each day last year. As older operating systems continue to be in use, this problem is exacerbated. For example, with the Android operating system, only 20% of devices are running the newest version and only 2.3% are on the latest minor release.