A new study by cybersecurity solutions provider Fortinet has shown that the attack methods of cybercriminals are evolving to deliver improved success rates and speed up infections. While ransomware remains a “destructive” tool, there is a tendency among online criminals to turn to hijacking systems for the purpose of mining cryptocurrencies. The number of companies affected by cryptojacking malware more than doubled in the first quarter of 2018, according to Fortinet data.
Fortinet chief security officer Phil Quade said:
“We face a troubling convergence of trends across the cybersecurity landscape. Malicious cyber actors are demonstrating their efficiency and agility by exploiting the expanding digital attack surface, taking advantage of newly announced zero-day threats, and maximizing the accessibility of malware for evil intent.”
The research has found that cybercriminals are becoming more sophisticated and have improved their usage of malware and the zero-day vulnerabilities to attack at faster speed and greater scale.
While there was a 13% drop in detections per firm by 13% during the period under report, unique exploit detection rose in number by more than 11%, and 73% of companies were hit by a severe exploit.
In addition, the researchers found that malware is evolving and becoming harder to detect and prevent. The occurrence of crypto mining malware surged from 13% to 28% between quarters, with cryptojacking most widespread in Africa, Latin America, and the Middle East.
Cryptojacking is gaining popularity
A separate report by Malwarebytes has also found that cryptojacking threats have overtaken malware as the preferred method of cybercriminals.
Malwarebytes’ Cybercrime Tactics and Techniques report said:
“A huge spike in September and October 2017 resulted in more than 25 million detections of crypto mining malware on consumer machines. By March, the decline still left us with 16 million detections.”
But another report by cybersecurity company Proofpoint indicated that human error is still the most significant contributing factor in cybersecurity attacks.
“Email remains the top attack vector. Threats range from spam that clogs inboxes and wastes resources to email fraud that can cost organizations and people millions of dollars… And mainstream interest in cryptocurrency is driving advances in malware and new approaches to phishing and cybercrime.”