The prevalence of cryptomining malware is increasing, and cybercriminals are fine-tuning and adopting delivery and propagation techniques to improve their cryptomining success rates, according to a threat landscape report from network security solutions provider Fortinet.
Key findings from Fortinet's "Threat Landscape Report Q1 2018" included:
- The number of cryptomining malware attacks more than doubled from quarter to quarter, rising from 13 percent to 28 percent.
- The number of unique exploit detections grew by over 11 percent to 6,623.
- Encrypted data now encompasses nearly 60 percent of all network traffic, up 6 percent quarter over quarter.
- 73 percent of organizations experienced a severe exploit.
- 59 percent of botnet infections are detected and cleaned up the same day, 18 percent of botnets persist for two days in a row and 7 percent last three days.
- 21 percent of organizations reported mobile malware.
Cyberattack trends and attack vectors continue to evolve, and some cybercriminals now prefer hijacking systems to ransomware, Fortinet noted in a prepared statement.
In addition, cybercriminals are increasingly using SSL and TLP encryption to hide malicious code and exfiltrate data, Fortinet stated. Yet some threat detection devices and signature-based antivirus tools cannot keep pace with the volume, variety and velocity of evolving malware attacks.
How Can MSSPs Help Organizations Address Malware Attacks?
IT teams often are "stretched too thin," Fortinet indicated. Fortunately, MSSPs can supplement an organization's IT team and provide security services to safeguard an organization, its employees and its customers against malware attacks.
CompliancePoint, an AlienVault partner and privacy, security and compliance services provider, offered the following recommendations to help MSSPs and their customers keep pace with malware:
- Use SIEM to find misconfigurations. Security information and event management (SIEM) tools enable MSSPs to identify misconfigurations that may create security dangers and cause unnecessary network traffic.
- Run reports. Providing weekly security reports – and automating these reports so they instantly reach customer inboxes – allows MSSPs to highlight how they are helping customers continuously identify and address cyber threats.
- Manage the entire security incident lifecycle. If a security incident occurs, provide the customer with details about the date and time of the incident, systems involved, remediation steps and other pertinent information.
There is no reason for customers to hear from an MSSP only during a crisis, CompliancePoint stated. If MSSPs dedicate time and resources to maintain constant communication with their customers, they can keep customers up to date about cyber threats and foster long-lasting customer partnerships.
