In its latest Global Threat Landscape Report, Fortinet finds that cryptomining malware attacks have been increasing rapidly. The report says that the prevalence of cryptomining malware more than doubled from quarter to quarter, growing from 13 percent to 28 percent. Additionally, cryptojacking was quite prevalent in the Middle East, Latin America, and Africa. Cryptomining malware is also showing incredible diversity for such a relatively new threat. Cybercriminals are creating stealthier fileless malware to inject infected code into browsers with less detection. Miners are also targeting multiple operating systems as well as different cryptocurrencies, including Bitcoin, Dash, and Monero. They are also fine-tuning and adopting delivery and propagation techniques from other threats, based on what was successful or unsuccessful, to improve future success rates.
The Fortinet report further says that the impact of destructive malware remains high, particularly as criminals combine it with designer attacks. For these types of more targeted attacks, criminals conduct significant reconnaissance on an organization before launching an attack, which helps them to increase success rates. Afterwards, once they penetrate the network, attackers spread laterally across the network before triggering the most destructive part of their planned attack. The Olympic Destroyer malware and the more recent SamSam ransomware are examples of where cybercriminals combined a designer attack with a destructive payload for maximum impact.
On the issue of ransomware, the report opines that the growth in both the volume and sophistication of ransomware continues to be a significant security challenge for organizations. Ransomware continues to evolve, leveraging new delivery channels such as social engineering, and new techniques such as multi-stage attacks to evade detection and infect systems. GandCrab ransomware emerged in January with the distinction of being the first ransomware to require Dash cryptocurrency as a payment. BlackRuby and SamSam were two other ransomware variants that emerged as major threats during the first quarter of 2018.
The area of OT also gets specific mention in the report, which says that while OT attacks are a smaller percentage of the overall attack landscape, the trends are concerning. This sector is increasingly becoming connected to the Internet, with serious potential ramifications for security.