ThreatList: Cryptominers Dominate Malware Growth in 2018

The rise of piracy has helped drive the spike in attacks.

The number of cryptomining attacks increased by more than 83 percent in the past year, with more than 5 million people attacked with the malware in the first three quarters of 2018.

That’s compared to 2.7 million people over the same period in 2017, according to stats from Kaspersky Lab.

The firm’s research also found that cryptomining attacks increased steadily during the first half of the year, peaking in March, when around 1.2 million users faced an attack.

Kaspersky Lab researchers found that the drivers behind this increase aren’t necessarily the most obvious: The analysis revealed that neither cryptocurrency legislation nor the falling cost of power has a significant impact on the spread of malicious cryptominers.

Rather, consumer interest in the installation and use of unlicensed software and pirated content was the major driver behind the crypto-bonanza.

“Our analysis of the economic background of malicious crypto-mining and the reasons for its widespread presence in certain regions revealed a clear correlation,” said Evgeny Lopatin, security expert at Kaspersky Lab, in the report. “The easier it is to distribute unlicensed software, the more incidents of malicious cryptominer activities were detected. In short, an activity not generally perceived as especially dangerous, the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious cryptomining.”

The analysis also found that miners’ share of all detected threats grew, from 5 percent in 2017 to 8 percent in 2018, and that the total number of users who encountered mobile miners spiked significantly, increasing by more than five times from 1,986 users in 2017 to 10,242 in 2018.

Hidden mining software was very popular among botnet owners, too. Telemetry on files downloaded by zombie networks showed a boom in cryptominers for the first quarter, when they represented 4.6 percent of the total number of files downloaded by botnets. For comparison, in Q2 of 2017, this figure was 2.9 percent.

“Mining differs favorably for cybercriminals in that, if executed properly, it can be impossible for the owner of an infected machine to detect, and thus the chances of encountering the cyberpolice are far lower,” researchers said in the report. “And the reprofiling of existing server capacity completely hides its owner from the eyes of the law. Evidence suggests that the owners of many well-known botnets have switched their attack vector toward mining.”
