SYS-CON MEDIA Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, William Schmarzo, Dana Gardner

News Feed Item

Cryptominers Leaped Ahead of Ransomware in Q1 2018, Comodo Cybersecurity Threat Research Labs' Global Malware Report Shows

SAN FRANCISCO, April 17, 2018 /PRNewswire/ -- RSA CONFERENCE 2018 -- Comodo Cybersecurity, a global innovator and developer of cybersecurity solutions and a division of Comodo Security Solutions Inc., today announced the Comodo Cybersecurity Threat Research Labs' "Global Malware Report Q1 2018."

Comodo Cybersecurity's report is among the first to present Q1 2018 data, and the company's threat analysis shows a very different picture from 2017. Specifically, during the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware — which declined significantly in volume — as the number one threat.

Another surprising finding: Altcoin Monero became the leading target for cryptominers' malware, replacing Bitcoin. The reasons why are detailed in the report and the infographic.

The complete report is available online.

"Malware, like cyberspace itself, is merely a reflection of traditional, 'real-world' human affairs, and malware is always written for a purpose, whether it's crime, espionage, terrorism or war," said Dr. Kenneth Geers, chief research scientist at Comodo Cybersecurity. "Criminals' proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them."

For years, Comodo Cybersecurity has tracked the rise of cryptominer attacks, malware that hijacks users' computers to mine cryptocurrencies for the attacker's profit while remaining hidden from the PC's owner. The real surge, however, started in 2017 after Bitcoin skyrocketed to $20,000. Cryptominer attacks then leaped in 2018 as cryptocurrencies' market capitalization topped $264 billion, shifting the attention of cybercriminals from ransomware.

During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10% share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42% decrease.

Two key factors drove this surge. Unlike the one and done nature of ransomware — and the semi-custom nature of each target's variant — cryptominers are "the gift that keeps on giving." They persist in infected machines or websites because they are often either unnoticed or tolerated by users, who find a performance impact more acceptable than dealing with the issue. And the higher value of cryptocurrencies made mining worth their while.

Monero, the cryptocurrency best known for its secrecy level, took the dubious honor from Bitcoin of becoming the cryptominers' preferred target during the first quarter. According to Comodo Cybersecurity analysts, this is because its features favor cybercriminals: it hides transaction parties and amounts; cannot be tracked, blacklisted or linked to previous transactions; creates blocks every two minutes, providing more frequent opportunities for attack; and is designed for mining on ordinary computers.

Other highlights of the Comodo Cybersecurity report for the last quarter include:

  • Hackers subverted Coinhive, Crypto-Loot and other cryptocurrency mining services. These legitimate companies offer website owners a way to monetize their sites by allowing customers to willingly let their computers be used for mining. The very short JavaScript that enabled the opt-in service, however, was quickly stolen by cybercriminals and used for malicious purposes. Widely and illegitimately spread worldwide by embedding the code into websites, Chrome extensions, typosquatted domains and malvertising, the hackers' script stealthily uses system resources without the user's permission to make money by mining cryptocurrencies
  • Password stealers became more sophisticated and dangerous. Comodo Cybersecurity observed cybercriminals increasingly develop and update malware with the goal of stealing users' credentials. Comodo Cybersecurity Threat Research Lab analyzed new variants of Pony Stealer, one of the most dangerous password stealers, which now demonstrates new capabilities in both stealing data and in covering its tracks
  • Expect a ransomware resurgence. Ransomware attacks led the malware market in previous quarters, but showed a radical decrease in the number of overall detections, likely due to the shift to the low-hanging fruit of cryptominers. Ransomware's overall share of incidents dropped from 42% in August 2017 to just 9% in February 2018. Comodo Cybersecurity Labs caution to prepare for new ransomware attacks in a changed guise, perhaps morphing into a weapon of data destruction — as seen with NotPetya — rather than a tool to extort a ransom
  • Geopolitical malware detections correlate with current events around the world. In Q1 2018, Comodo Cybersecurity analysis yielded potential geopolitical correlations related to national elections in China and Russia. The company discovered correlations in Egypt, India, Iran, Israel, Turkey and Ukraine relative to military operations, along with other trends across Europe, Asia and Africa
  • Hot zones identified by malware type. Countries that currently have the most acute challenges associated with Trojans, viruses and worms include Brazil, Egypt, India, Indonesia, Iran, Mexico, Nigeria, Philippines, Russia and South Africa. Countries in a higher socioeconomic category — that can afford more professional cyber defenses — are often plagued by a higher ratio of application malware. Finally, countries that possess unusual malware profiles, such as Belarus, China, Israel, Japan, Kazakhstan, Turkey, U.K. and Ukraine are profiled in this Q1 2018 report

Comodo Cybersecurity will host a webcast to discuss the findings with Dr. Geers, on Wednesday, May 9, 2018 at 1 p.m. EDT (register here).

For more information, download the Comodo Cybersecurity Threat Research Labs' "Global Malware Report Q1 2018."

Comodo Cybersecurity will highlight its integrated platform that helps small, mid-size and large businesses safeguard their data and systems against next-gen cyber threats at RSA Conference 2018, April 16-20, 2018 in San Francisco. Comodo Cybersecurity will demonstrate its endpoint security, network security, web and cloud security, and threat intelligence solutions at Booth #541 in the South Hall.

About Comodo Cybersecurity
Comodo Cybersecurity, a division of Comodo Security Solutions Inc. (CSS Inc.), is transforming cybersecurity with protection for endpoints, networks and web servers that is proven to be effective against the most advanced malware threats, including even new and unknown threats. Comodo Cybersecurity's innovative auto containment technology provides a trust verdict for every file, so that only safe files can run, without impacting user productivity or computer resources. With its global headquarters in Clifton, New Jersey, Comodo Cybersecurity also has international offices in China, India, the Philippines, Romania, Turkey, and Ukraine. For more information, visit comodo.com or our blog. You can also follow us on Twitter (@ComodoNews) or LinkedIn.

Contact:
Montner Tech PR
Deb Montner
[email protected] 
203-226-9290

Cision View original content with multimedia:http://www.prnewswire.com/news-releases/cryptominers-leaped-ahead-of-ransomware-in-q1-2018-comodo-cybersecurity-threat-research-labs-global-malware-report-shows-300631080.html

SOURCE Comodo Cybersecurity

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine ...
Concerns about security, downtime and latency, budgets, and general unfamiliarity with cloud technologies continue to create hesitation for many organizations that truly need to be developing a cloud strategy. Hybrid cloud solutions are helping to elevate those concerns by enabling the combination or orchestration of two or more platforms, including on-premise infrastructure, private clouds and/or third-party, public cloud services. This gives organizations more comfort to begin their digital tr...
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve fu...
Wasabi is the hot cloud storage company delivering low-cost, fast, and reliable cloud storage. Wasabi is 80% cheaper and 6x faster than Amazon S3, with 100% data immutability protection and no data egress fees. Created by Carbonite co-founders and cloud storage pioneers David Friend and Jeff Flowers, Wasabi is on a mission to commoditize the storage industry. Wasabi is a privately held company based in Boston, MA. Follow and connect with Wasabi on Twitter, Facebook, Instagram and the Wasabi blog...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Inzata is a powerful, revolutionary data analytics platform for integrating, exploring, and analyzing data of any kind, from any source, at massive scale. Powerful AI-assisted Modeling and a patented analytics engine help users quickly load, blend and model raw and unstructured data into powerful enterprise data models, actionable real-time analytics and engaging visualizations. Go beyond spreadsheets and slides and compose a powerful narrative about how your business is performing, and how y...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 250 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor will bring together the leading global 200 companies throughout the world of Cloud Computing, DevOps, IoT, Smart Cities, FinTech, Digital Transformation, and all they entail. As ...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereum.
In today's always-on world, customer expectations have changed. Competitive differentiation is delivered through rapid software innovations, the ability to respond to issues quickly and by releasing high-quality code with minimal interruptions. DevOps isn't some far off goal; it's methodologies and practices are a response to this demand. The demand to go faster. The demand for more uptime. The demand to innovate. In this keynote, we will cover the Nutanix Developer Stack. Built from the foundat...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements in network e ciency, intelligence and agility by delivering Next-Generation Data Center Networking. We enable data center transformation and accelerate business velocity by delivering a responsive, automated, and programmable software-dened networking (SDN) fabric-based networking solution. Traditionally, the network has been viewed as the barrier to data center transformation as legacy networkin...
For far too long technology teams have lived in siloes. Not only physical siloes, but cultural siloes pushed by competing objectives. This includes informational siloes where business users require one set of data and tech teams require different data. DevOps intends to bridge these gaps to make tech driven operations more aligned and efficient.
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes. We are offering early bird savings...