Cryptomining attacks exceeded ransomware cases in 2018: Skybox study

Attacks from cryptominers exceeded those of ransomware in 2018, in a deviation from 2017, a report from cybersecurity company Skybox showed.

According to the report, ransomware reigned supreme, accounting for 28% of malware attacks in 2017, while cryptominers only made up 9%. In 2018, ransomware dropped to 13% of malware attacks and cryptominers soared to 27%.

“While cryptomining may seem like a relatively innocuous, low-priority threat, it’s important to remember that these attacks slow down system processes and may overwhelm system capacity,” said Skybox senior security analyst Sivan Nir.

“More than that, it’s impossible to predict what the attacker’s end goal may be. The cryptominer may be only part of a larger attack structure. By letting them set up home in your network, you’re inviting them to try to gain access to other parts of your environment,” he added.

The report also showed that the attack landscape had increased, with at least 16,412 new common vulnerabilities and exposures (CVEs) coming to the fore in 2018, which is a 12% increase over the last year.

“It would come as no surprise if 2019 breaks the CVE record again,” said Skybox director of threat intelligence Marina Kidron.

“While more resources in vulnerability research is what’s driving these high numbers, that’s cold comfort to CISOs (chief information security officers) trying to keep their organisation safe. The challenge of answering, ‘What do I fix today?’ is only getting harder— unless you have the right information to contextualise this mountain of data," she explained.

Ron Davidson, Skybox tech chief and vice-president of research and development, echoed her.

Other findings of the report include risks to the growing attack surface, including operational technology (OT) networks. The report said that attacks on OT continue to climb, with a 10% increase between 2017 and 2018. 

While these attacks range in motive and impact, the WannaCry outbreak in Taiwan Semiconductor Manufacturing Company was a prime example of how a cybercriminal tool like ransomware, nation-state threats and internal exposure can create the perfect storm to wreak havoc on a network, as well as a company’s bottom line.

The report also warns of a false sense of security in cloud networks. While the security of clouds is relatively strong, misconfiguration issues within them can still abound and security issues can arise within the applications used to manage such networks.

The report also provides examples of attacks on cloud networks including last year's attempt at Tesla’s Amazon Web Services network. 

"While attackers could have accessed a variety of information, they instead used the opportunity to launch a malicious cryptominer, pointing to a larger trend in the threat landscape of stealing computational power rather than data," the report said.