Cryptocurrency mining hijackings up 8,500% – Symantec
MANILA, Philippines – Cryptocurrency mining attacks exploded in popularity as prices of cryptocurrency shifted in 2017, Symantec reported on Tuesday, April 10, in its latest Internet Security Threat Report.
The report points to stealth cryptocurrency mining – also known as cryptojacking – growing as a threat, with an 8,500% increase in activity on endpoint computers.
Cryptojacking is the practice of stealthily using another computer user's computing resources to mine for cryptocurrency. This not only consumes electricity which the victim pays for, but also affects performance of devices affected by hidden cryptominers.
"Cryptojacking is a rising threat to cyber and personal security," said David Rajoo, Symantec's director for systems engineering in Malaysia, Indonesia, and the Philippines.
"The massive profit incentive puts people, devices, and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers," Rajoo added.
The shift towards cryptocurrency mining has also made ransomware attacks fewer, and yet more varied in the types of ransomware attacks done.
Symantec said the number of ransomware variants increased by 46%, indicating that criminal groups are innovating less but remain very productive.
Other attack vectors
Aside from the significant rise of cryptojacking as a practice, Symantec also discussed other avenues of attack.
Symantec said 71% of targeted attacks used spear phishing – sending targeted emails to steal information from unsuspecting respondents.
Attacks against the software supply chain – where malware is implanted into legitimate software and left in its usual distribution location online – have also gone up, from 4 attacks in 2016 to 12 attacks in 2017.
Meanwhile, new mobile malware variants increased by 54%, with Symantec saying it blocked an average of 24,000 malicious mobile applications daily in 2017.
Symantec advised consumers to change the passwords on their devices and services to make it more difficult for hackers to attack them.
Being email savvy will also be helpful, as email is a top infection method. Make sure to keep suspicious emails unopened and deleted, especially if they have links or attachments.
Lastly, keeping software and operating systems updated will also keep security vulnerabilities from being exploited. – Rappler.com