The first quarter of 2018 has already passed, and security researchers were able to draw some important conclusions. It appears that during the first three months of this year, ransomware was finally dethroned. The new most prevalent cybersecurity threat is now cryptomining, to no one’s surprise, really. The statistics come from Comodo’s Global Malware Report Q1 2018.
Ransomware No Longer Number 1 Threat
Ransomware has long been the most widespread infection attacking users worldwide and compromising their private data. Now cryptominers have become the most prevalent infection. However, researchers found that it is not Bitcoin in the spotlight of malicious crypto mining but Monero.
Researchers from Comodo have been following cryptominers and concluded that the biggest increase in these infections started in 2017, shortly after Bitcoin's price climbed to nearly $20,000. The trend continued into early 2018, when the total market capitalization of cryptocurrencies reached $264 billion. This is the point at which cybercriminals' attention shifted from ransomware to cryptomining.
During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10% share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42% decrease.
More specifically, Monero miners have become attackers’ favorite tools. And that’s not surprising at all – cybercriminals have been choosing Monero over Bitcoin for several reasons.
Since the beginning of 2017, Monero has been growing steadily. Monero (XMR) is perhaps the most untraceable cryptocurrency, and it was designed with privacy in mind. It is open-source and freely available to all. With Monero, you are your own bank: according to Monero's official website, only you control and are responsible for your funds, and your accounts and transactions are kept private from prying eyes.
Monero was launched in 2014 and offers enhanced privacy features. It is a fork of the Bytecoin codebase, which uses identity-obscuring ring signatures: the real input being spent is signed together with decoy outputs taken from the blockchain, so an observer cannot tell which ring member actually spent the funds. Combined with one-time stealth addresses on the receiving side, this conceals both who sent the funds and to whom.
Monero's privacy-centered features serve cybercriminals' purposes well: their transactions hide the parties involved and cannot be tracked or blacklisted. Monero also produces a new block roughly every two minutes, so mining pays out frequently, and its CryptoNight proof-of-work was designed to be mined on ordinary CPUs rather than specialized hardware, which makes an average user's machine a worthwhile target.
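To make the ring-signature idea concrete, here is an added teaching example (not Monero's code; Monero uses linkable ring signatures over curve25519, and real deployments never use a group this small). It is a toy Schnorr-style ring signature in Python over a roughly 60-bit safe-prime group, an assumption made only so the block runs with the standard library. The function names keygen, ring_sign and ring_verify are this example's own. A verifier can confirm that one of the listed public keys produced the signature, but nothing in the signature says which.

```python
"""Toy Schnorr-style (AOS) ring signature: a verifier learns that one member of a
set of public keys signed, but not which one.  Added example, not Monero's code.
The group is a ~60-bit safe-prime group (assumption, for a dependency-free demo)."""
import hashlib
import secrets
from typing import List, Tuple


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin; this fixed base set is deterministic for n < 3.3e24."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in small:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _find_safe_prime(start: int) -> int:
    """First p = 2q + 1 at or above 2*start + 1 with both q and p prime (toy size)."""
    q = start | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


P = _find_safe_prime(1 << 60)  # modulus p = 2q + 1
Q = (P - 1) // 2               # prime order of the subgroup we sign in
G = 4                          # a square mod p, hence a generator of the order-q subgroup


def _hash_to_scalar(message: bytes, commitment: int) -> int:
    """Fiat-Shamir challenge c = H(m, g^r * y^c) reduced into Z_q."""
    h = hashlib.sha256(message + b"|" + str(commitment).encode()).digest()
    return int.from_bytes(h, "big") % Q


def keygen() -> Tuple[int, int]:
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)  # (secret, public)


def ring_sign(message: bytes, ring: List[int], secret: int, signer: int) -> Tuple[int, List[int]]:
    """Sign on behalf of ring[signer] without revealing which index that is."""
    n = len(ring)
    if pow(G, secret, P) != ring[signer]:
        raise ValueError("secret does not match ring[signer]")
    c, r = [0] * n, [0] * n
    alpha = secrets.randbelow(Q - 1) + 1
    # Start the chain just after the real signer with a fresh commitment g^alpha.
    i = (signer + 1) % n
    c[i] = _hash_to_scalar(message, pow(G, alpha, P))
    # Walk around the ring using random responses for every decoy member.
    while i != signer:
        r[i] = secrets.randbelow(Q)
        c[(i + 1) % n] = _hash_to_scalar(message, pow(G, r[i], P) * pow(ring[i], c[i], P) % P)
        i = (i + 1) % n
    # Close the loop: r_s = alpha - x_s * c_s makes g^{r_s} * y_s^{c_s} equal g^alpha.
    r[signer] = (alpha - secret * c[signer]) % Q
    return c[0], r


def ring_verify(message: bytes, ring: List[int], signature: Tuple[int, List[int]]) -> bool:
    c0, r = signature
    if not ring or len(r) != len(ring):
        return False
    c = c0
    for y, r_i in zip(ring, r):
        # Reject keys outside the prime-order subgroup and out-of-range responses.
        if not (1 < y < P and pow(y, Q, P) == 1 and 0 <= r_i < Q):
            return False
        c = _hash_to_scalar(message, pow(G, r_i, P) * pow(y, c, P) % P)
    return c == c0


if __name__ == "__main__":
    members = [keygen() for _ in range(5)]
    ring = [pub for _, pub in members]
    sig = ring_sign(b"spend output #7", ring, members[3][0], 3)
    print("valid:", ring_verify(b"spend output #7", ring, sig))
    print("valid after tamper:", ring_verify(b"spend output #8", ring, sig))
```

The signature is a single challenge plus one response per ring member; every member's slot looks identical, which is exactly why a verifier cannot single out the real spender. Monero adds a key image to this construction so that the same output cannot be spent twice without the two signatures being linked.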
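Because CPU-mined Monero runs happily on ordinary endpoints, the defender's side of this story is recognising a miner from the traces it leaves. The following is an added example and is not Comodo's tooling or any sample from its report: a small Python detector that flags three public conventions of XMRig-style miners and Stratum pools (a stratum+tcp/ssl pool URL, a 95- or 106-character Monero payout address, and the JSON-RPC pool handshake) in process command lines or captured traffic. All log lines, the pool hostname and the wallet address are constructed for the demo.

```python
"""Heuristic miner detection over process command lines and captured pool traffic.
Added example, not Comodo's tooling; indicators are public XMRig/Stratum conventions
and every log line below is constructed for the demo."""
import json
import re
from typing import Dict, List

BASE58 = r"[1-9A-HJ-NP-Za-km-z]"
# Pool connection string as it appears on a miner command line or in its config.
STRATUM_URL = re.compile(r"stratum\+(?:tcp|ssl)://[\w.\-]+:\d+", re.I)
# Monero standard (4...) or subaddress (8...): 95 base58 chars, 106 for an
# integrated address; the look-arounds require it to stand alone as a token.
XMR_ADDRESS = re.compile(rf"(?<!{BASE58})[48]{BASE58}{{94}}(?:{BASE58}{{11}})?(?!{BASE58})")
# XMRig-family switches; one alone is noise, two or more together is a strong signal.
MINER_FLAGS = re.compile(
    r"(?:^|\s)(?:--donate-level(?:=|\s)\d+|--algo(?:=|\s)\S+|-a\s+cryptonight\S*"
    r"|--nicehash|--keepalive|-k\b|--coin(?:=|\s)\S+)", re.I)


def _pool_rpc_indicator(line: str) -> List[str]:
    """Spot the two pool handshakes: the CryptoNote/XMRig 'login' call carrying a
    wallet in params.login plus a miner user agent, and classic Stratum 'mining.*'."""
    start = line.find("{")
    if start < 0:
        return []
    try:
        msg, _ = json.JSONDecoder().raw_decode(line[start:])
    except ValueError:  # JSONDecodeError is a ValueError
        return []
    if not isinstance(msg, dict):
        return []
    method, params = msg.get("method"), msg.get("params")
    if method == "login" and isinstance(params, dict) and {"login", "agent"} <= params.keys():
        return ["cryptonote-pool-login"]
    if isinstance(method, str) and method.startswith("mining."):
        return ["stratum-rpc"]
    return []


def classify(line: str) -> List[str]:
    """Return the miner indicators present in one log line (empty list = clean)."""
    hits = []
    if STRATUM_URL.search(line):
        hits.append("stratum-url")
    if XMR_ADDRESS.search(line):
        hits.append("xmr-address")
    if len(MINER_FLAGS.findall(line)) >= 2:
        hits.append("miner-cli-flags")
    hits.extend(_pool_rpc_indicator(line))
    return hits


def scan(lines: List[str]) -> Dict[int, List[str]]:
    """Map line index -> indicators for every line that triggered at least one."""
    return {i: hits for i, line in enumerate(lines) if (hits := classify(line))}


# Constructed test data: right shape for a Monero address, not a real wallet.
FAKE_XMR = "4" + "A" * 94
SAMPLE_LINES = [
    # constructed process-creation event for a renamed XMRig binary
    f"cmdline=C:\\Users\\Public\\svchost32.exe -o stratum+tcp://pool.example.invalid:3333 -u {FAKE_XMR} -p x --donate-level=1 -k",
    # constructed first message of an XMRig-style pool session (CryptoNote login)
    'payload={"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"' + FAKE_XMR + '","pass":"x","agent":"XMRig/2.6"}}',
    # constructed classic Stratum handshake
    'payload={"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}',
    # benign: an ordinary web-app login looks superficially similar but has no agent/wallet
    'payload={"method":"login","params":{"user":"alice","password":"hunter2"}}',
    # benign process
    "cmdline=C:\\Program Files\\Google\\Chrome\\chrome.exe --type=renderer --lang=en-US",
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LINES).items():
        print(f"line {idx}: {', '.join(hits)}")
```

Two flags are required before the command-line heuristic fires because single switches such as -k are common in unrelated software; the JSON check deliberately looks for the agent field alongside login so that ordinary application logins are not reported. Feed it EDR process-creation events or reassembled TCP payloads and treat any hit, especially from a process in a user-writable path, as worth a look.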
As a result, numerous Monero miners have been detected in the wild exploiting the resources of users’ computers worldwide. Here are several examples:
Other Malware Trends from Q1 of 2018
Password, Data Stealers
Besides cryptominers, password stealers have become more sophisticated. Comodo researchers observed a trend of credential-stealing components being bundled into other malware, which shows how interested criminals are in harvesting passwords and login details. The team analyzed new variants of the well-known Pony Stealer, which demonstrated new data-theft capabilities and had become stealthier than before.
Even though ransomware is no longer the most widespread threat, that does not mean ransomware operators will leave things at that.
Ransomware led the malware market in previous quarters but showed a sharp drop in overall detections, likely because attackers shifted to the low-hanging fruit of cryptominers, the researchers said in their report. Ransomware's share of detections fell from 42% in August 2017 to just 9% in February 2018. Nonetheless, Comodo says that both users and security experts should prepare for new ransomware attacks, possibly focused on data destruction as in the NotPetya case.
Geopolitical malware detections correlate with current events around the world, the report found. In Q1 2018 there were potential correlations with the national elections in China and Russia. Comodo says it also saw correlations with military operations in Egypt, India, Iran, Israel, Turkey and Ukraine, along with other trends across Europe, Asia and Africa.