Cryptojacking is on the way to replacing ransomware as the biggest threat for consumers and enterprises – and new research reveals the size of the effect crypto is having on cloud infrastructures.
Cybersecurity firm Check Point Software, in its 'Cyber Attack Trends: 2018 Mid-Year Report', found that in the first half of this year, the number of organisations impacted by cryptomining malware doubled to 42%, compared with 20.5% from the second half of 2017.
What's more, the top three most common malware variants in the first half of this year were all cryptominers. At the most recent RSA Conference, the SANS Institute presented its list of the five newest dangerous attack vectors; cloud storage, and data leakage and monetisation of compromised systems via cryptominers both made the list.
The report asserts that 'a number of sophisticated techniques and tools' have been deployed against cloud storage services. Many of these attacks come about due to organisations' own poor security practices, but others, such as cryptomining, are leveraging cloud infrastructure leading to much greater profits for threat actors.
There have been examples of the latter this year. In February, security monitoring firm RedLock disclosed that hackers had been running cryptomining scripts on unsecured Kubernetes instances owned by Tesla. As the researchers put it at the time, the focus has changed from stealing data to stealing compute power in organisations' public cloud environments.
The top cryptominers are Coinhive, which has affected 12% of organisations worldwide, Cryptoloot, a JavaScript miner, and JSEcoin, a web-based crypto miner. All three are focused around mining the Monero cryptocurrency.
Maya Horowitz, threat intelligence group manager at Check Point, noted that attacks on cloud infrastructure and cryptomining were the latest generation of cyber attacks, which the company calls 'gen V.' "These multi-vector, fast-moving, large scale Gen V attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data," said Horowitz.
Writing for this publication in May, Paolo Passeri, cyber intelligence principal at Netskope, said that while cryptomining campaigns were becoming bigger and more persistent, organisations could mitigate risk by using several methods. Companies could enforce policies such as scanning all uploads from unmanaged and remote devices to sanctioned cloud applications, to blocking unsanctioned instances of sanctioned cloud apps.
You can read the full report here (email required).