GlobeNewswire

Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware

Dela

Analysis of vulnerability and threat trends shows cryptomining malware dominates threat landscape in the first half of 2018

SAN JOSE, Calif., July 18, 2018 (GLOBE NEWSWIRE) -- Skybox® Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape.

The mid-year update explores trends observed from January to June of 2018. One of the most significant findings is the replacement of ransomware as the cybercriminal tool of choice with cryptomining malware. In the last six months of 2017, ransomware accounted for 32 percent of attacks, while malicious cryptominers accounted for seven percent. By the first half of 2018, the figures had switched almost exactly: malicious cryptominers accounted for 32 percent of attacks while ransomware dropped to eight percent.

"In the last few years, ransomware reigned supreme as the shortcut money-maker for cybercriminals," said Ron Davidson, Skybox CTO and vice president of R&D. "It doesn't require data exfiltration, just encryption to hold the data hostage and a ransom note of how the victim can pay up. With cryptominers, the criminals can go straight to the source and mine cryptocurrency themselves. There's no question of if they'll be paid or not."

Cryptomining uses the computational power of compromised assets to create new blocks in the blockchain of like Bitcoin and Monero. The malicious or unauthorized cryptomining approach indeed avoids several of the drawbacks of ransomware:

  • The victim doesn't need to be notified of the attack in order to pay the ransom, so it can continue indefinitely in a stealth manner
  • Cryptocurrency can be mined over long-periods of time, rather than the cybercriminal receiving a single lump-sum ransom payment
  • There is no decision of payment on the part of the victim - the attack itself controls how much money will be generated.

"Ransomware received a lot of attention in years past, especially thanks to the likes of WannaCry, NotPetya and BadRabbit," said Skybox Director of Threat Intelligence Marina Kidron and leader of the Research Lab behind the report. "To some extent, organizations took note and put effective precautions in place, ensuring they had reliable back-ups and even thwarting attackers with decryption programs. So cybercriminals found - in cryptomining- a path of lesser resistance. The recent uptick in value of cryptocurrencies also made this an incredibly profitable attack option."

Other findings in the report appear to relate to this rise in cryptomining. Internet and mobile vulnerabilities made up nearly a third of all new vulnerabilities published in the first half of 2018. Google Android had by far the most vulnerabilities during that time period, exceeding the tally of the next five most vulnerable vendors combined. Android also logged 200 more vulnerabilities than it did in the second half of 2018. Malicious cryptomining has found an advantage in targeting the app store of the global market leader in mobile devices, with billions of potential targets worldwide.

Browser-based malware is also on the rise in the first half of 2018. "Out of all software today, web browsers are considered the most prone to malicious attacks," said Kidron. "They constantly interact with websites and applications that cybercriminals have infected with malware like cryptominers and other threats via the web, which are notoriously difficult to detect. The cryptomining malware could be active as long as the web session is active, and 'file-less' cryptominers also can hide from conventional security tools as there's no download or attachment to analyze."

No matter the payload, attackers looking to exploit vulnerabilities have more resources than ever. Not only are dark web market places rich with attack tools and services, and criminal forums ripe with information, vulnerabilities themselves have skyrocketed. New vulnerabilities catalogued by MITRE's National Vulnerability Database doubled in 2017 over the previous year, and 2018 looks to be on track to shatter even that record. The 2017 surge and continued elevated numbers is largely due to organizational improvements at MITRE and increased security research by vendors and third-parties, including vendor-sponsored bug bounty programs. But no matter the reason, organizations have to employ smarter and faster ways to find the signal in the noise and mitigate vulnerability risks before they're used in an attack.

Skybox recommends establishing a threat-centric vulnerability management (TCVM) program to adapt to these changes in the threat landscape and those yet to come. The TCVM approach helps security practitioners focus on the small subset of vulnerabilities most likely to be used in an attack by incorporating vulnerability and threat intelligence with the context of their assets, network and security controls. This way, remediation is targeted at the greatest areas of risk while leveraging all response options - patching as well as network-based changes.

To read the full report on vulnerability and threat trends thus far in 2018, click here. To learn more about Skybox vulnerability management approach, download our e-book here

About Skybox Research Lab 
The Skybox Research Lab is team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. The Research Lab validates and enhances data through automated as well as manual analysis, with analysts adding their knowledge of attack trends, cyber events and TTPs of today's attackers. Their ongoing investigations determine which vulnerabilities are being exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and other attacks exploiting client- and server-side vulnerabilities.

For more information on the methodology behind the Skybox Research Lab and to keep up with the latest vulnerability and threat intelligence, visit www.vulnerabilitycenter.com.

About Skybox Security

Skybox provides the industry's broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 120 networking and security technologies, the Skybox® Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world's largest organizations.

© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.

CONTACT INFORMATION

Skybox Security
Tawnya Lancaster
Director of Brand and Communications
408-205-1618 | Tawnya.lancaster@skyboxsecurity.com

OneChocolate for Skybox Security
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk

Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de

France: Xavier Delhôme
+33 1 41 31 75 09 | xavier@onechocolate.fr

A photo accompanying this announcement is available at http://www.globenewswire.com/NewsRoom/AttachmentNg/8c26e3be-8dd4-457a-b19b-becd7c28c469




This announcement is distributed by Nasdaq Corporate Solutions on behalf of Nasdaq Corporate Solutions clients.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Skybox Security via Globenewswire

Om

GlobeNewswire



Följ GlobeNewswire

Abonnera på våra pressmeddelanden.

Senaste pressmeddelandena från GlobeNewswire

Arcoma AB: Arcoma presenterar på Redeye Life Science Day den 21:a november16.11.2018 12:53Pressmeddelande

16 November Den 21 november presenterar Jesper Söderqvist, VD på Arcoma, den senaste utvecklingen i Arcoma på Haymarket by Scandic i Stockholm. Presentationen "Arcoma, ett tillväxtbolag i en växande marknad" hålls klockan 13:00 och kan följas i livesändning på redeye.se/live/lsday-2018. Presentationen kommer även i efterhand att finnas tillgänglig på www.redeye.se/live/ls-day-2018 samt på Bolagets sida i Redeye Universe (redeye.se/company/Arcoma) Om Arcoma Arcoma, med lång erfarenhet av branschen, är en ledande leverantör av integrerade digitala röntgensystem med hög kvalitet och avancerad teknik. Arcomas produkter erbjuder den senaste digitala bildtekniken kombinerat med tekniskt avancerade rörliga positioneringssystem, vilket tillsammans med ergonomisk skandinavisk design, erbjuder kunden kompletta, konfigurerbara och funktionella digitala röntgensystem. Bolagets produkter säljs via återförsäljare samt via OEM-kunder och det finns idag över 3 500 av Arcomas röntgensystem installerade

Iconovo: kundprojekt blir framflyttat tre till sex månader8.11.2018 15:45Pressmeddelande

Fortsatt arbete med ett av Iconovos pågående kundprojekt kommer att flyttas fram tre till sex månader. Projektet avser utveckling av produkt anpassad för kund som ska svara för produktion och marknadslansering. Det aktuella arbetet var planerat att ske under fjärde kvartalet men beräknas ske under nästa år, och detta påverkar Iconovos omsättning under 2018 negativt med cirka 2 miljoner kronor. Orsaken är att kunden har beslutat att genomföra en mindre klinisk studie för att verifiera produkten innan nästa steg tas vilken omfattar investeringar i betydande mångmiljonbelopp i produktionskapacitet, baserat på Iconovos utveckling. Studien görs för kundens egna räkning och är inte villkorad av tillsynsmyndigheter. "Detta påverkar vårt resultat på kort sikt, men det faktum att kunden har beslutat att göra en betydande investering i faktisk produktion betyder att vi med stor säkerhet kan se fram emot licensintäkter under en lång tidsrymd framöver i samband med att produkten lanseras på markna

Stillfront Group AB: Inbjudan till Stillfront Groups kvartalsrapport för tredje kvartalet 20187.11.2018 14:34Pressmeddelande

PRESSMEDDELANDE 7 november 2018 Inbjudan till Stillfront Groups kvartalsrapport för tredje kvartalet 2018 Stillfront Groups kvartalsrapport för det tredje kvartalet 2018 kommer att publiceras klockan 07.00 den 22 november 2018. En webbsänd telefonkonferens kommer att hållas klockan 10.00 samma dag där Jörgen Larsson, VD och Sten Wranne, CFO, kommenterar resultatet. Presentationen och rapporten kommer efter presentationen att finnas tillgänglig på www.stillfront.com Webbsändningen nås på adressen: https://tv.streamfabriken.com/stillfront-q3-2018 För att delta via telefon, vänligen ring: SE: +46 8 566 426 63 UK: +44 20 300 898 01 US: +1 8 557 532 235 FÖR YTTERLIGARE INFORMATION, VÄNLIGEN KONTAKTA: Sofia Wretman, IR Phone: +46 708 11 64 30 sofia@stillfront.com OM STILLFRONT Stillfront är en oberoende utvecklare, förläggare och distributör av digitala spel - med visionen att bli en ledande indie-spelutvecklare och förläggare. Stillfront är verksamt genom tio näst intill självständiga dotte

Stillfront Group AB: Invitation to Stillfront Group Q3 presentation7.11.2018 14:34Pressmeddelande

Invitation to Stillfront Group Q3 presentation Stillfront Group interim report for the third quarter 2018 will be published at 07.00 CET on 22 November 2018. A presentation of the report will be held the same day at 10.00 CET via telephone conference or audiocast where Jörgen Larsson, CEO and CFO Sten Wranne are to comment on the report. The presentation can be viewed live at https://tv.streamfabriken.com/stillfront-q3-2018 To participate via phone please call: SE: +46 8 566 426 63 UK: +44 20 300 898 01 US: +1 8 557 532 235 FOR FURTHER INFORMATION, PLEASE CONTACT: Sofia Wretman, IR Phone: +46 708 11 64 30 sofia@stillfront.com ABOUT STILLFRONT Stillfront is a group of independent creators, publishers and distributors of digital games - with a vision to become the leading group of indie game creators and publishers. Stillfront operates through ten near-autonomous subsidiaries: Bytro Labs in Germany, Coldwood Interactive in Sweden, Power Challenge in the UK and Sweden, Dorado Online Games

Modus Therapeutics announces FDA Acceptance of Sevuparin IND for the treatment of sickle cell disease7.11.2018 08:30Pressmeddelande

STOCKHOLM, November 7, 2018. Karolinska Development's portfolio company Modus Therapeutics announces today that the U.S Food & Drug Administration (FDA) has approved the company's Investigational New Drug (IND) application to initiate a Phase I clinical trial with subcutaneous sevuparin for the treatment of sickle cell disease (SCD) FDA has decided to accept Modus Therapeutics' IND application of sevuparin for the treatment of SCD. Sevuparin is an innovative, proprietary modified polysaccharide drug with anti-adhesive, anti-aggregate and anti-inflammatory effects due to its multimodal mechanism of action. It has the potential to restore blood flow and prevent further microvascular obstructions in children and adults with SCD. At present, sevuparin is being evaluated as an intravenous infusion in a Phase II study in SCD patients with ongoing painful crises (also called vaso occlusive crises, VOC). In order to broaden the clinical scope and utility of sevuparin in the treatment of SCD, t

Modus Therapeutics announces FDA Acceptance of Sevuparin IND for the treatment of sickle cell disease7.11.2018 08:30Pressmeddelande

STOCKHOLM, November 7, 2018. Karolinska Development's portfolio company Modus Therapeutics announces today that the U.S Food & Drug Administration (FDA) has approved the company's Investigational New Drug (IND) application to initiate a Phase I clinical trial with subcutaneous sevuparin for the treatment of sickle cell disease (SCD) FDA has decided to accept Modus Therapeutics' IND application of sevuparin for the treatment of SCD. Sevuparin is an innovative, proprietary modified polysaccharide drug with anti-adhesive, anti-aggregate and anti-inflammatory effects due to its multimodal mechanism of action. It has the potential to restore blood flow and prevent further microvascular obstructions in children and adults with SCD. At present, sevuparin is being evaluated as an intravenous infusion in a Phase II study in SCD patients with ongoing painful crises (also called vaso occlusive crises, VOC). In order to broaden the clinical scope and utility of sevuparin in the treatment of SCD, t

I vårt pressrum kan du läsa de senaste pressmeddelandena, få tillgång till pressmaterial och hitta kontaktinformation.

Besök vårt pressrum