Agencies, New Delhi
Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded, according to American software company Symantec’s Internet Security Threat Report released on Wednesday.
“Cryptojacking is a rising threat to cyber and personal security,” said Tarun Kaura, Director, Enterprise Security Product Management, Asia Pacific and Japan,Symantec.
“The massive profit incentive puts people, devices and organisations at risk of unauthorised coinminers siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”
Symantec’s ISTR provides a comprehensive view of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers.
The report analyzes data from the Symantec Global Intelligence Network, the largest civilian threat collection network in the world, records events from 126.5 million attack sensors worldwide and monitors threat activities in over 157 countries and territories.
During the past year, an astronomical rise in cryptocurrency values triggered a cryptojacking gold rush with cyber criminals attempting to cash in on a volatile market. Detections of coinminers on endpoint computers increased by 8,500 per cent in 2017.
India ranks second in Asia-Pacific Japan (APJ) region, ninth globally in terms of crypto mining activities.
With a low barrier of entry – only requiring a couple lines of code to operate – cyber criminals are harnessing stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency.
Coinminers can slow devices, overheat batteries, and in some cases, render devices unusable. For enterprise organisations, coinminers can put corporate networks at risk of shutdown and inflate cloud CPU usage, adding cost.
“Now you could be fighting for resources on your phone, computer or IoT device as attackers use them for profit,” added Tarun. “People need to expand their defenses or they will pay for the price for someone else using their device.”
IoT devices continue to be ripe targets for exploitation. Symantec found a 600 per cent increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse. Macs are not immune either with Symantec detecting an 80 per cent increase in coin mining attacks against Mac OS.
By leveraging browser-based attacks, criminals do not need to download malware to a victim’s Mac or PC to carry out cyber attacks. India ranks among the top five countries as source for IoT attacks.
The number of targeted attack groups is on the rise with Symantec now tracking 140 organised groups. Last year, 71 per cent of all targeted attacks started with spear phishing – the oldest trick in the book – to infect their victims. As targeted attack groups continue to leverage tried and true tactics to infiltrate organisations, the use of zero-day threats is falling out of favour.
Only 27 per cent of targeted attack groups have been known to use zero-day vulnerabilities at any point in the past, according to a company statement.