“Infect and Collect” is a New Cybercriminal Paradigm

MacAfee Lab reports exponential growth of cryptojacking malware in Q1.

The California-based device-to-cloud cybersecurity company McAfee Labs has published a fresh report on cyber threats that plagued the internet community in the first three months of 2018.

After examining the latest cyber threats, the researchers revealed that the prevalence of cryptojacking and other cryptocurrency mining malware have grown exponentially. Moreover, cybercriminals have improved their technical skills, and are building on the most sophisticated attacks of 2017.

Cryptojacking on the rise

Cybercriminals continued to target cryptocurrencies as the vital source of easy, albeit illegal profits. They expanded their cryptojacking activity, turning infected user systems into cryptocurrency mining spots.

Coin miner malware that hijacks victims’ browsers or infects their systems to secretly use them to mine digital coins spiked to 2.9 million in Q1 from 400,000 samples in Q4 2017. The stunning growth of 629% suggests that hackers are tending to move away from ransomware and are monetizing their criminal activity quietly, without urging victims to make payments.

"Compared with well-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler, more straightforward, and less risky. All criminals must do is infect millions of systems and start monetizing the attack by mining for cryptocurrencies on victims’ systems," Steve Grobman, Chief Technology Officer of MacAfee Lab explains. "There are no middlemen, there are no fraud schemes, and there are no victims who need to be prompted to pay and who, potentially, may back up their systems in advance and refuse to pay."

Raj Samani, the chief scientist at McAfee Lab, commented that the sophisticated nation-state cyber-attacks registered in Q1 around the globe prove the high level of technical agility and their ability to use innovative tools and tactics to override security barriers and anti-virus scans. 

Lazarus is up to its old tricks again

This cybercriminal ring, responsible for a large-scale  Korean- and English-language phishing email campaign in 2017, now targets global financial institutes and Bitcoin users. Malicious software is installed on victims' devices from an infected email attachment and scans for Bitcoin-related activity, gathering personal data and mining cryptocurrencies.

"These techniques bear a strong similarity to other attacks that are believed to have been perpetrated by Lazarus," McAfee analysts say.

Not so healthy

There were 313 security incidents publicly disclosed in 37 sectors and across 120 regions in Q1 2018, which is 41% increase over Q4. McAfee Labs reports that the health industry was the most vulnerable as the number of disclosed incidents rose 47%. Cybercriminals continued to target this sector with ransomware, and the hospitals were forced to pay the criminals on numerous occasions. The education and finance sectors complete the Top-3 with 40% and 39% increases respectively.