Welcome!

News Feed Item

Cryptominers Leaped Ahead of Ransomware in Q1 2018, Comodo Cybersecurity Threat Research Labs' Global Malware Report Shows

SAN FRANCISCO, April 17, 2018 /PRNewswire/ -- RSA CONFERENCE 2018 -- Comodo Cybersecurity, a global innovator and developer of cybersecurity solutions and a division of Comodo Security Solutions Inc., today announced the Comodo Cybersecurity Threat Research Labs' "Global Malware Report Q1 2018."

Comodo Cybersecurity's report is among the first to present Q1 2018 data, and the company's threat analysis shows a very different picture from 2017. Specifically, during the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware — which declined significantly in volume — as the number one threat.

Another surprising finding: Altcoin Monero became the leading target for cryptominers' malware, replacing Bitcoin. The reasons why are detailed in the report and the infographic.

The complete report is available online.

"Malware, like cyberspace itself, is merely a reflection of traditional, 'real-world' human affairs, and malware is always written for a purpose, whether it's crime, espionage, terrorism or war," said Dr. Kenneth Geers, chief research scientist at Comodo Cybersecurity. "Criminals' proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them."

For years, Comodo Cybersecurity has tracked the rise of cryptominer attacks, malware that hijacks users' computers to mine cryptocurrencies for the attacker's profit while remaining hidden from the PC's owner. The real surge, however, started in 2017 after Bitcoin skyrocketed to $20,000. Cryptominer attacks then leaped in 2018 as cryptocurrencies' market capitalization topped $264 billion, shifting the attention of cybercriminals from ransomware.

During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10% share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42% decrease.

Two key factors drove this surge. Unlike the one and done nature of ransomware — and the semi-custom nature of each target's variant — cryptominers are "the gift that keeps on giving." They persist in infected machines or websites because they are often either unnoticed or tolerated by users, who find a performance impact more acceptable than dealing with the issue. And the higher value of cryptocurrencies made mining worth their while.

Monero, the cryptocurrency best known for its secrecy level, took the dubious honor from Bitcoin of becoming the cryptominers' preferred target during the first quarter. According to Comodo Cybersecurity analysts, this is because its features favor cybercriminals: it hides transaction parties and amounts; cannot be tracked, blacklisted or linked to previous transactions; creates blocks every two minutes, providing more frequent opportunities for attack; and is designed for mining on ordinary computers.

Other highlights of the Comodo Cybersecurity report for the last quarter include:

  • Hackers subverted Coinhive, Crypto-Loot and other cryptocurrency mining services. These legitimate companies offer website owners a way to monetize their sites by allowing customers to willingly let their computers be used for mining. The very short JavaScript that enabled the opt-in service, however, was quickly stolen by cybercriminals and used for malicious purposes. Widely and illegitimately spread worldwide by embedding the code into websites, Chrome extensions, typosquatted domains and malvertising, the hackers' script stealthily uses system resources without the user's permission to make money by mining cryptocurrencies
  • Password stealers became more sophisticated and dangerous. Comodo Cybersecurity observed cybercriminals increasingly develop and update malware with the goal of stealing users' credentials. Comodo Cybersecurity Threat Research Lab analyzed new variants of Pony Stealer, one of the most dangerous password stealers, which now demonstrates new capabilities in both stealing data and in covering its tracks
  • Expect a ransomware resurgence. Ransomware attacks led the malware market in previous quarters, but showed a radical decrease in the number of overall detections, likely due to the shift to the low-hanging fruit of cryptominers. Ransomware's overall share of incidents dropped from 42% in August 2017 to just 9% in February 2018. Comodo Cybersecurity Labs caution to prepare for new ransomware attacks in a changed guise, perhaps morphing into a weapon of data destruction — as seen with NotPetya — rather than a tool to extort a ransom
  • Geopolitical malware detections correlate with current events around the world. In Q1 2018, Comodo Cybersecurity analysis yielded potential geopolitical correlations related to national elections in China and Russia. The company discovered correlations in Egypt, India, Iran, Israel, Turkey and Ukraine relative to military operations, along with other trends across Europe, Asia and Africa
  • Hot zones identified by malware type. Countries that currently have the most acute challenges associated with Trojans, viruses and worms include Brazil, Egypt, India, Indonesia, Iran, Mexico, Nigeria, Philippines, Russia and South Africa. Countries in a higher socioeconomic category — that can afford more professional cyber defenses — are often plagued by a higher ratio of application malware. Finally, countries that possess unusual malware profiles, such as Belarus, China, Israel, Japan, Kazakhstan, Turkey, U.K. and Ukraine are profiled in this Q1 2018 report

Comodo Cybersecurity will host a webcast to discuss the findings with Dr. Geers, on Wednesday, May 9, 2018 at 1 p.m. EDT (register here).

For more information, download the Comodo Cybersecurity Threat Research Labs' "Global Malware Report Q1 2018."

Comodo Cybersecurity will highlight its integrated platform that helps small, mid-size and large businesses safeguard their data and systems against next-gen cyber threats at RSA Conference 2018, April 16-20, 2018 in San Francisco. Comodo Cybersecurity will demonstrate its endpoint security, network security, web and cloud security, and threat intelligence solutions at Booth #541 in the South Hall.

About Comodo Cybersecurity
Comodo Cybersecurity, a division of Comodo Security Solutions Inc. (CSS Inc.), is transforming cybersecurity with protection for endpoints, networks and web servers that is proven to be effective against the most advanced malware threats, including even new and unknown threats. Comodo Cybersecurity's innovative auto containment technology provides a trust verdict for every file, so that only safe files can run, without impacting user productivity or computer resources. With its global headquarters in Clifton, New Jersey, Comodo Cybersecurity also has international offices in China, India, the Philippines, Romania, Turkey, and Ukraine. For more information, visit comodo.com or our blog. You can also follow us on Twitter (@ComodoNews) or LinkedIn.

Contact:
Montner Tech PR
Deb Montner
[email protected] 
203-226-9290

Cision View original content with multimedia:http://www.prnewswire.com/news-releases/cryptominers-leaped-ahead-of-ransomware-in-q1-2018-comodo-cybersecurity-threat-research-labs-global-malware-report-shows-300631080.html

SOURCE Comodo Cybersecurity

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution. In his session at @ThingsExpo, Akvelon expert and IoT industry leader Sergey Grebnov provided an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors!
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
HyperConvergence came to market with the objective of being simple, flexible and to help drive down operating expenses. It reduced the footprint by bundling the compute/storage/network into one box. This brought a new set of challenges as the HyperConverged vendors are very focused on their own proprietary building blocks. If you want to scale in a certain way, let's say you identified a need for more storage and want to add a device that is not sold by the HyperConverged vendor, forget about it...
Dhiraj Sehgal works in Delphix's product and solution organization. His focus has been DevOps, DataOps, private cloud and datacenters customers, technologies and products. He has wealth of experience in cloud focused and virtualized technologies ranging from compute, networking to storage. He has spoken at Cloud Expo for last 3 years now in New York and Santa Clara.
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
"We're focused on how to get some of the attributes that you would expect from an Amazon, Azure, Google, and doing that on-prem. We believe today that you can actually get those types of things done with certain architectures available in the market today," explained Steve Conner, VP of Sales at Cloudistics, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly-scalable architectures.
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...