Cryptojacking Falls in Second Quarter, Coinciding with Crypto Bear Market: Research

This year's second quarter witnessed a lull in cybercrime, but cybercriminals continue to experiment with ransomware, according to Malwarebytes Labs in its second quarter report.

Malware activity posted a decrease in both business and consumer categories in the second quarter, the report noted. But while the volume of activity was lower, the quality of the attacks was anything but.

Malwarebytes Labs based its conclusions on data from April through June along with telemetry from its business and consumer products that are used in millions of machines.

Malware Sophistication Rises

Ransomware and cryptomining demonstrated a greater level of sophistication in the second quarter.

Cryptomining took the lead in consumer detections for the quarter, followed by adware, which rose by 19% in the quarter.

Spyware activity dropped from the lead business detection to number five, shedding 40% in its activity, while banking Trojans held on to the number two spot, even though detections in this segment fell by half.

Backdoor Detections Increase

Backdoor detections, however, jumped in both the consumer and business sectors, as consumer detections rose by 442%.

A spike in backdoor malware detections is believed to be due to a campaign Malwarebytes Labs refers to as Backdoor.Vools. The malware is usually noticed installing cryptocurrency miners after communicating with a command and control server.

The WannaCry and NotPetya outbreaks in 2017 have yet to be matched in impact and distribution volume, the report said, but attacks from VPNFilter, SamSam and others indicate higher-level attacks could be in store for the balance of the year.

VPNFilter malware, which drops multi-stage actions on consumers and small offices by the hundreds of thousands, posted an increase, generating half a million detections in the quarter.

VPNFilter is able to remain undetected by modern security tools. In addition to gaining passwords and usernames, it can add artificial data to deceive users while stealing information. The malware can also conduct DDoS attacks or install other software.

SamSam, for its part, destroyed files for the city of Atlanta and attacked Hancock Health, and it remains evasive on account of the targeted manner that attackers use to deliver it. SamSam is believed to have taken in more than $1 million. The group behind it is believed to study potential targets to learn the value of their information. They then price the recovery in a way that makes recovery a more economical option for the victim.

GandCrab was cited as the leading ransomware variant, spread via email. The variant has moved to the Magnitude exploit kit for distribution. Magnitude has started to deploy a fileless technique for loading the ransomware payload, which makes it harder to detect.

Client-side and server-side cryptomining continue due to content management system vulnerabilities, the report noted. It is not easy to upgrade a CMS on account of plugins, themes and other functions that can stop working when the core is updated.

Criminals Target Personal Data

Cybercriminals are also focusing more on personally identifiable information (PII), the report noted.

Malwarebytes Labs first noticed scammers stealing PII in bitcoin scams. Bitcoin, the report noted, is largely unregulated, has limited fraud protection, and the exchanges have poor support.

Because user awareness of scams has increased, scammers are trying to steal email accounts, passwords and bank account information.

The European Union's new General Data Protection Regulation laws are also believed to be raising interest in PII theft since such data is popular on the black market.

Malwarebytes Labs offers a more extensive report on cybercrime tactics and techniques for the second quarter on its website.

19.07.2018 / 01:00 54