2018 is shaping up to be ‘the year of cryptomining' as cybercriminals add the highly-profitable revenue stream to their arsenals, particularly as the ransomware market becomes too overpriced – and overcrowded.
Cryptominers, which enslave devices' memory, CPU and power usage, can cause unwelcome side effects for some users. In some cases, miners can overhead batteries and render devices unusable. Enterprises can also experience network shutdowns and inflated cloud CPU usage, resulting in cost increases.
“Cryptomining is a rising threat to cyber and personal security,” comments Symantec's chief technology officer – Pacific region, Nick Savvides.
“The massive profit incentive puts people, devices and organisations at risk of unauthorised coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.
The report says cryptomining is not illegal and some may see it as a better alternative to viewing ads or paying for content. Globally, cryptomining detections increased 8500% in 2017.
“The problems arise when people aren't aware their computers are being used to mine cryptocurrency, or if cyber criminals surreptitiously install miners on victims' computers or Internet of Things (IoT) devices without their knowledge,” it says.
“Now you could be fighting for resources on your phone, computer or IoT device as attacks use them for profit. People need to expand their defenses or they will pay for the price for someone else using their device,” Savvides adds.
Australia ranks second in Asia-Pacific Japan and eighth globally as a target for cryptomining, accounting for 2.8% of the global percentage.
Overall, attacks on Australia accounted for 1.06% of all global threat detections. It also ranked high as a target for threats including ransomware, phishing hosts, and web attacks.
The report also analysed the state of email malware. Spam email increased by 1.2% in 2017, accounting for 54.6% of all email detections. In Australia, 53.4% of emails were detected as spam.
The report found that bills, email delivery failures, legal/law enforcement, scanned documents, and package delivery rounded out the top five malicious email themes.
The most common keywords used in spam emails include standard words like delivery, mail and message; however words including ‘failed', ‘invoices', ‘images' and ‘scanned' also appeared on the top 10.
Globally, the overall phishing rate dropped from one in every 2596 emails in 2016 to one in 2995 in 2017.
Symantec says that as attackers evolve, there are many steps businesses can take to protect themselves. Here are some tips.
- Don't get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
- Prepare for the worst: Incident management ensures your security framework is optimised, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Implement a multi-layered defense: Implement a multilayered defense strategy that addresses attack vectors at the gateway, mail server and endpoint. This also should include two-factor authentication, intrusion detection or protection systems (IPS), website vulnerability malware protection, and web security gateway solutions throughout the network.
- Provide ongoing training about malicious email: Educate employees on the dangers posed by spear-phishing emails and other malicious email attacks, including where to internally report such attempts.
- Monitor your resources: Make sure to monitor your resources and networks for abnormal and suspicious behavior and correlate it with threat intelligence from experts.
- Change the default passwords on your devices and services: Use strong and unique passwords for computers, IoT devices and Wi-Fi networks. Don't use common or easily guessable passwords such as “123456” or “password”.
- Keep your operating system and software up to date: Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
- Be extra careful on email: Email is one of the top infection methods. Delete any suspicious-looking email you receive, especially if they contain links and/or attachments. Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content.
- Back up your files: Backing up your data is the single most effective way of combating a ransomware infection. Attackers can have leverage over their victims by encrypting their files and leaving them inaccessible. If you have backup copies, you can restore your files once the infection has been cleaned up.