Ransomware in decline, report confirms

Cryptominers dominated the malware landscape in the past 12 months, according to the latest security report by Check Point.

Researchers report that malware designed to hijack computers to mine cryptocurrency on behalf of cyber attackers represented the top four prevalent malware types in 2018, affecting 37% of organisations worldwide.

Despite a fall in the value of all cryptocurrencies, the researcher said 20% of companies continue to be hit by cryptomining attacks every week. Cryptomining malware emerged as a prevalent fund raising activity among cyber attackers in mid-2017, rapidly increasing in popularity driven the meteoric rise in the value of bitcoin, which reached a record high in December 2017 before starting a downward trend.

Cryptominers have also highly evolved recently to exploit high-profile vulnerabilities and to evade sandboxes and security products to expand their infection rates, the researchers warned.

While ransomware dominated the malware landscape in 2017, affecting around 48% of organisations at the height of its popularity, the Check Point researchers said the past year saw a sharp decline in the use of ransomware, with only 4% of the world’s organisations affected by ransomware attacks in 2018. However, this indicates that ransomware is still a popular attack type and cannot be ignored.

After cryptominers, mobile malware was the next most prevalent malware type, affecting 33% of organisations worldwide. The top three mobile malware types targeted the Android operating system. 2018 also saw several cases where mobile malware was pre-installed on devices, and apps available from app stores that were actually malware in disguise.

The third biggest malware trend, the report said, was the use of multi-purpose botnets to launch a range of attacks. It found that 18% of organisations were hit by bots which are used to launch distributed denial of service (DDoS) attacks and spread other malware. 

Bot infections were instrumental in nearly half (49%) of organisations experiencing a DDoS attack in 2018, the researchers found.

“From the meteoric rise in cryptomining to massive data breaches and DDoS attacks, there was no shortage of cyber disruption caused to global organisations over the past year,” said Peter Alexander, chief marketing officer of Check Point Software Technologies.

“Threat actors have a wide range of options available to target and extract revenues from organisations in any sector, and this report highlights the increasingly stealthy approaches they are currently using,” he said.

In the face of multi-vector, fast-moving, large-scale attacks, Alexander said organisations need to adopt a multi-layered cyber security strategy that prevents these attacks from taking hold of their networks and data.