Cryptojacking Skyrockets to the Top of the Attacker Toolkit, Signalling Massive Threat to Cyber and Personal Security
Annual Threat Report from Symantec Reveals One in Ten Targeted Attack Groups Use Malware Designed to Disrupt
Auckland, 22 March 2018 – Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream,
as the ransomware market becomes overpriced and overcrowded, according to Symantec's (Nasdaq: SYMC) Internet Security Threat Report
(ISTR), Volume 23, released today.
“Cryptojacking is a rising threat to cyber and personal security,” said Mike Fey, president and COO, Symantec. “The
massive profit incentive puts people, devices and organisations at risk of unauthorised coinminers siphoning resources
from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centres.”
Symantec's ISTR provides a comprehensive view of the threat landscape, including insights into global threat activity,
cyber criminal trends and motivations for attackers. The report analyses data from the Symantec Global Intelligence
Network™, the largest civilian threat collection network in the world which tracks over 700,000 global adversaries,
records events from 126.5 million attack sensors worldwide, and monitors threat activities in over 157 countries and
territories. Key highlights include:
Cryptojacking Attacks Explode by 8,500 Percent
During the past year, an astronomical rise in cryptocurrency values triggered a cryptojacking gold rush with cyber
criminals attempting to cash in on a volatile market. Detections of coinminers on endpoint computers increased by 8,500
percent in 2017.
With a low barrier of entry – only requiring a couple lines of code to operate – cyber criminals are harnessing stolen
processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency. Coinminers can slow devices,
overheat batteries, and in some cases, render devices unusable. For enterprise organisations, coinminers can put
corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.
“Now you could be fighting for resources on your phone, computer or IoT device as attackers use them for profit,” said
Kevin Haley, director, Symantec Security Response. “People need to expand their defences or they will pay for the price
for someone else using their device.”
IoT devices continue to be ripe targets for exploitation. Symantec found a 600 percent increase in overall IoT attacks
in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse. Macs are not immune either with Symantec detecting an 80 percent increase in coin mining attacks against Mac OS. By
leveraging browser-based attacks, criminals do not need to download malware to a victim’s Mac or PC to carry out cyber
Majority of Targeted Attackers Use Single Method to Infect Victims
The number of targeted attack groups is on the rise with Symantec now tracking 140 organised groups. Last year, 71
percent of all targeted attacks started with spear phishing – the oldest trick in the book – to infect their victims. As
targeted attack groups continue to leverage tried and true tactics to infiltrate organisations, the use of zero-day
threats is falling out of favour. Only 27 percent of targeted attack groups have been known to use zero-day
vulnerabilities at any point in the past.
The security industry has long discussed what type of destruction might be possible with cyber attacks. This
conversation has now moved beyond the theoretical, with one in ten targeted attack groups using malware designed to
Implanted Malware Grows by 200 Percent, Compromising Software Supply Chain
Symantec identified a 200 percent increase in attackers injecting malware implants into the software supply chain in
2017. That’s equivalent to one attack every month as compared to four attacks the previous year. Hijacking software
updates provides attackers with an entry point for compromising well-guarded networks. The Petya outbreak was the most
notable example of a supply chain attack. After using Ukrainian accounting software as the point of entry, Petya used a
variety of methods to spread laterally across corporate networks to deploy its malicious payload.
Mobile Malware Continues to Surge
Threats in the mobile space continue to grow year-over-year, including the number of new mobile malware variants which
increased by 54 percent. Symantec blocked an average of 24,000 malicious mobile applications each day last year. As
older operating systems continue to be in use, this problem is exacerbated. For example, with the Android operating
system, only 20 percent of devices are running the newest version and only 2.3 percent are on the latest minor release.
Mobile users also face privacy risks from grayware apps that aren’t completely malicious but can be troublesome.
Symantec found that 63 percent of grayware apps leak the device’s phone number. With grayware increasing by 20 percent
in 2017, this isn’t a problem that’s going away.
Business-Savvy Cyber Criminals Price Ransomware for Profit
In 2016, the profitability of ransomware led to a crowded market. In 2017, the market made a correction, lowering the
average ransom cost to US$522 and signaling that ransomware has become a commodity. Many cyber criminals may have
shifted their focus to coin mining as an alternative to cashing in while cryptocurrency values are high. Additionally,
while the number of ransomware families decreased, the number of ransomware variants increased by 46 percent, indicating
that criminal groups are innovating less but are still very productive.
About the Internet Security Threat Report
The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report
is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyse and
provide commentary on emerging trends in attacks, malicious code activity, phishing and spam.
Visit Symantec’s Threat Intelligence blog
, and register
for Symantec’s ISTR webinar on April 12 at 10 a.m. Pacific / 1 p.m. Eastern. Members of the press may visit the digital press kit
for additional materials.
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organisations, governments and
people secure their most important data wherever it lives. Organisations across the world look to Symantec for
strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure.
Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product
suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest
civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional
information, please visit www.symantec.com
or connect with us on Facebook