Crypto Mining Malware is Giving Way to New Cybersecurity Concern

Cybercriminals are generally unrelenting in their efforts and usually find one way or another to achieve their aim. In the last few months, the sector has been hit with reported cases of ransomware, with some cities in the U.S. having their computers and networks hacked and forced to part with thousands of dollars in Bitcoin before access is restored. Before now, there were also quite a few stories of mining malware being surreptitiously installed on computers manned by unsuspecting users, however, these reports seem to be slowly reducing. Now according to a new report from Skybox Security – a cybersecurity solutions and threat management firm, the frequency of crypto mining malware mishaps has significantly fallen and given way to something else.

Cloud Computing Attacks

“Use of malicious cryptominers – cybercriminals’ overwhelming tool of choice in 2018 – has declined to just 15 percent of malware attacks, with ransomware, botnets and backdoors rising to fill the void.”

In the past, crypto-malware was widely used to infect more than a few thousand computers, making these systems mine cryptocurrencies through distributed control systems. This situation was so pervasive that as many as 700 new computers were infected on a daily basis.

The new report, however, states that cloud computing attacks, which produce numerous computing containers, seems to have significantly increased and taken over from mining malware. Containers essentially create an isolation boundary between virtual servers which might be hosted on a shared device and these cloud computing vulnerabilities, according to the report, have surged by 46% of the first half of 2019, compared to the first half of last year. The report also shows that this number jumps from 46% to 240% when compared with the first half of 2017.

There are certain remote services offered by industry heavy-hitters such as Google and Amazon and are left unmanned sometimes. This gives cybercriminals the opportunity to use these services to handle the huge amount of data needed to remotely mine various digital assets. With this method, cybercriminals can easily reproduce these containers and then form a large farm of thousands of mining machines.

According to the Director of Threat Intelligence at Skybox:

“Cloud technology and adoption has obviously skyrocketed, so it’s no surprise that vulnerabilities within cloud technology will increase. What is concerning, though, is that as these are published, the race is on for attackers to develop an exploit because launching a successful attack on a container could have much broader consequences. Compared to other technology, containers can be more numerous and quickly replicated. The attack footprint could expand rapidly, and number of victims may be extremely high.”

Amrit Williams, VP of products, has touched on the need for customers to be able to identify and report vulnerabilities as often as noticed.

“Container vendors put a great deal of attention to securing their products in the first place. But that also means reporting vulnerabilities when discovered. It’s critical that customers have a way to spot those vulnerabilities even as their environment may be changing frequently. They also need to assess those vulnerabilities’ exploitability and exposure within the hybrid network and prioritise them alongside vulnerabilities from the rest of the environment – on prem, virtual networks and other clouds.”

The number of new vulnerabilities discovered in 2019’s first half hit and surpassed 7,000 and according to Skybox CTO and VP of R&D, Ron Davidson,

“organisations are likely still going to be drowning in the vulnerability flood for some time.”

 

Source