Cryptojacking Balloons as Cyberattackers Shift Gears to Easier, High Volume Targets

The volume of global cryptojacking in the first six months of this year is the highest on record, supplanting traditional ransomware as the most egregious malware to beset organizations.

That's the conclusion of SonicWall in its newly released 2023 Mid-Year Cyber Threat Report. The Milpitas, California-based security provider’s report covers evolving tactical behaviors from malicious cyber actors as they opt for different types of attacks than those seen in prior years.

Threat Actors Change Tactics

SonicWall said the data also suggests that increased law enforcement activity, stiff sanctions and victims’ refusal to pay ransom demands have pushed threat actors to opt for other means of revenue.

Here are some macro data from the report:

  • Intrusion attempts rose 21%, and cryptojacking volume surged a record 399% to 332 million incidents in the first half of 2023.
  • Cryptojacking volume spiked 345% in North America and 788% in Europe.
  • IoT malware increased by 37% to 77 million events and encrypted threats rose 22% to 6 million incidents.
  • Opportunistic threat actors are aiming at education and government verticals.
  • SonicWall discovered 172,146 "never-before-seen" malware variants, down 36% year over year. The numbers suggest that bad actors are spending less time on research and development and more time on volume-based attacks, using open-source tools that may be less likely to be intercepted.
  • Ransomware attempts fell 41% to the lowest first-half total since 2020, though a big Q2 jump suggests a likely rebound over the next six months.

SonicWall president and chief executive Bob VanKirk explained that the threat landscape continues to expand and intensify:

“Threat actors are relentless, and our data indicates they are more opportunistic than ever, targeting schools, state and local governments, and retail organizations at unprecedented rates. The 2023 SonicWall Mid-Year Cyber Threat Report helps us better understand the mindset and criminal behavior that will in turn help SonicWall create the right countermeasures, and help organizations protect themselves by being better prepared and build stronger defenses against malicious activities.”

A Deeper Dive into the Report

Here is some drill-down data from the report:

  • On cryptojacking. While cryptojacking has exploded, ransomware has shifted strategy, as bad actors are pivoting to lower-cost, less risky attack methods with potentially high returns like cryptojacking, said SonicWall vice president of product security Bobby Cornwell. “It also explains the reason we’re seeing higher levels of cybercrime in regions like Latin America and Asia. Hackers search for the weakest points of entry, with the lightest possible repercussions, limiting their risk and maximizing their potential profits.”
  • On verticals. Prominent attacks continued to plague enterprises, cities, airlines, and even K-12 schools, causing widespread system downtime, economic loss and reputational damage. While several industries followed the global trend of ransomware volume decline, they saw a huge growth in cryptojacking attacks: education (+320X), government (+89X) and healthcare (+69X).
  • On malware by geographic region. Total global malware volume dipped slightly by -2% in the first half of 2023, with the U.S. and U.K. logging the biggest dips at -14% and -7%, respectively. Surprisingly, malware numbers climbed in every other tracked region. Europe saw an (+11%) increase, while Latin America malware jumped (+19%), suggesting a geo-migration of threat actor behavior as they move from targeting traditional hotspots to more opportunistic locations.
  • On ransomware. Despite the 41% global decline in the number of incidents, Q2 suggests a potential rebound, as it spiked 74% when compared to Q1. Some countries still felt the sting of ransomware attacks as Germany increased by 52% and India spiked by +133%.
  • On IoT malware. Global volume rose 37%, totaling almost 78 million hits by the end of June. As connected devices continue to rapidly multiply, bad actors are targeting weak points of entry as potential attack vectors into organizations.
  • On encrypted threats. Another quieter approach embraced by bad actors in the last six months was encrypted threats, which climbed 22% globally.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.