Cryptominers Leaped Ahead of Ransomware in Q1 2018. Comodo Cybersecurity Threat Research Labs’ Global Malware Report
RSA CONFERENCE 2018 — SAN FRANCISCO — April 17, 2018 – Comodo Cybersecurity, a global innovator and developer of cybersecurity solutions and a division of Comodo Security Solutions Inc., today announced the Comodo Cybersecurity Threat Research Labs’ “Global Malware Report Q1 2018.”
Comodo Cybersecurity’s report is among the first to present Q1 2018 data, and the company’s threat analysis shows a very different picture from 2017. Specifically, during the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware — which declined significantly in volume — as the number one threat.
Another surprising finding: Altcoin Monero became the leading target for cryptominers’ malware, replacing Bitcoin. The reasons why are detailed in the report and the infographic.
The complete report is available online.
“Malware, like cyberspace itself, is merely a reflection of traditional, ‘real-world’ human affairs, and malware is always written for a purpose, whether it’s crime, espionage, terrorism or war,” said Dr. Kenneth Geers, chief research scientist at Comodo Cybersecurity. “Criminals’ proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them.”
During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10% share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42% decrease.
Monero, the cryptocurrency best known for its secrecy level, took the dubious honor from Bitcoin of becoming the cryptominers’ preferred target during the first quarter. According to Comodo Cybersecurity analysts, this is because its features favor cybercriminals: it hides transaction parties and amounts; cannot be tracked, blacklisted or linked to previous transactions; creates blocks every two minutes, providing more frequent opportunities for attack; and is designed for mining on ordinary computers.
Other highlights of the Comodo Cybersecurity report for the last quarter include:
- Hackers subverted Coinhive, Crypto-Loot and other cryptocurrency mining services
- Password stealers became more sophisticated and dangerous
- . Comodo Cybersecurity observed cybercriminals increasingly develop and update malware with the goal of stealing users’ credentials. Comodo Cybersecurity Threat Research Lab analyzed new variants of Pony Stealer, one of the most dangerous password stealers, which now demonstrates new capabilities in both stealing data and in covering its tracks
- Expect a ransomware resurgence
- . Ransomware attacks led the malware market in previous quarters, but showed a radical decrease in the number of overall detections, likely due to the shift to the low-hanging fruit of cryptominers. Ransomware’s overall share of incidents dropped from 42% in August 2017 to just 9% in February 2018. Comodo Cybersecurity Labs caution to prepare for new ransomware attacks in a changed guise, perhaps morphing into a weapon of data destruction — as seen with NotPetya — rather than a tool to extort a ransom
- Geopolitical malware detections correlate with current events around the world
- . In Q1 2018, Comodo Cybersecurity analysis yielded potential geopolitical correlations related to national elections in China and Russia. The company discovered correlations in Egypt, India, Iran, Israel, Turkey and Ukraine relative to military operations, along with other trends across Europe, Asia and Africa
- Hot zones identified by malware type
- . Countries that currently have the most acute challenges associated with Trojans, viruses and worms include Brazil, Egypt, India, Indonesia, Iran, Mexico, Nigeria, Philippines, Russia and South Africa. Countries in a higher socioeconomic category — that can afford more professional cyber defenses — are often plagued by a higher ratio of application malware. Finally, countries that possess unusual malware profiles, such as Belarus, China, Israel, Japan, Kazakhstan, Turkey, U.K. and Ukraine are profiled in this Q1 2018 report
For more information, download the (Comodo Cybersecurity Threat Research Labs’ “Global Malware Report Q1 2018.” )
Comodo Cybersecurity will highlight its integrated platform that helps small, mid-size and large businesses safeguard their data and systems against next-gen cyber threats at RSA Conference 2018, April 16-20, 2018 in San Francisco. Comodo Cybersecurity will demonstrate its endpoint security, network security, web and cloud security, and threat intelligence solutions at Booth #541 in the South Hall.
About Comodo Cybersecurity
Comodo Cybersecurity, a division of Comodo Security Solutions Inc. (CSS Inc.), is transforming cybersecurity with protection for endpoints, networks and web servers that is proven to be effective against the most advanced malware threats, including even new and unknown threats. Comodo Cybersecurity’s innovative auto containment technology provides a trust verdict for every file, so that only safe files can run, without impacting user productivity or computer resources. With its global headquarters in Clifton, New Jersey, Comodo Cybersecurity also has international offices in China, India, the Philippines, Romania, Turkey, and Ukraine. For more information, visit comodo.com or our blog. You can also follow us on Twitter (@ComodoNews) or LinkedIn.
Montner Tech PR