For the past 13 months, cryptomining has topped the list of leading malware threats, according to Check Point’s latest Global Threat Index for December 2018.
In fact, the top four malware threats were cryptomining variants, despite the value of cryptocurrency declining in 2018. Coinhive was the most prevalent, with about 12 percent of organizations falling victim across the globe. XMRig was second with 8 percent, and JSEcoin miner was third with 7 percent.
Trojans held several positions on Check Point’s list, including Emotet and Ramnit. Most recently, Emotet has been seen in the wild coupled with Ryuk ransomware. That is notable because “damaging multi-purpose malware forms” also emerged on Check Point’s list.
These variants leverage multiple attack methods to distribute different threat types during the same cyberattack. For example, Smokeloader, which emerged in 2011 as a second-stage downloader for other malware, primarily trojans, entered the top 10 list for the first time after a wave of attacks in December.
“Its sudden surge in prevalence reinforces the growing trend towards damaging, multi-purpose malware in the Global Threat Index, with the top 10 divided equally between cryptominers and malware that uses multiple methods to distribute numerous threats,” Maya Horowitz, Check Point’s Threat Intelligence and Research Group Manager, said in a statement.
“The diversity of the malware in the index means that it is critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and brand new threats,” she added.
The report mirrors July research from Kaspersky that found cryptocurrency mining attacks are replacing some ransomware attacks, as hackers are driven by financial gain. Further, while healthcare continues to be targeted by ransomware attacks, McAfee found the number of new variants has slowed – and cryptomining has surged.
In healthcare, IT leaders should look for suspicious network activity and for signs such as unusual CPU time, since these variants run in the background. Data and access should also be analyzed to monitor user behavior and detect anomalies.