Content, Content

IBM X-Force Report: Cryptojacking Leapfrogs Ransomware?

The number of cryptojacking attacks – using an organization's or individual's computing power without their knowledge to mine cryptocurrencies – nearly doubled ransomware kidnapping incidents last year, IBM’s X-Force Threat Intelligence Index for 2019 said.

That’s striking enough but takes on even more meaning when seen in a wider view: Faced with improved security and greater industry awareness, cybercriminals have shape-shifted to depend less on malware and ransomware, their two staples of the past decade. Greater return-on-investment can be found in crytojacking, the criminal underground has apparently determined.

"One of the hottest commodities is computing power tied to the emergence of cryptocurrencies. This has led to corporate networks and consumer devices being secretly highjacked to mine for these digital currencies," said Wendi Whitmore, Global Lead, IBM X-Force Incident Response and Intelligence Services.

Other research concluded differently than IBM. While Symantec’s newly released Internet Security Threat Report agreed that ransomware use has declined among cyber crews, it observed that cryptojacking, owing to a 90 percent drop in cryptocurrency values in 2018, had also tumbled.

Additional findings from the IBM X-Force report:

  • More than half of cyberattacks (57 percent) leveraged common administration applications like PowerShell and PsExec to evade detection, while targeted phishing attacks accounted for nearly one third (29 percent) of attacks.
  • Business email compromise scams pays the bills: Targeted business email compromise scams accounted for 45 percent of phishing attacks.
  • Transportation is next up: The transportation industry became the second-most attacked sector in 2018, moving from 10th in 2017. The financial services industry remained the most attacked sector of 2018, accounting for 19 percent of all attacks.
  • Vulnerability reporting rising: Nearly one third (42,000) of all 140,000 vulnerabilities tracked by IBM X-Force were reported in the past three years. IBM said it finds an average 1,440 unique vulnerabilities per organization.
  • Misconfiguration plague: Publicly disclosed misconfiguration incidents increased 20 percent year-over-year. However, there was a 52 percent decrease in the number of records compromised due to this threat vector.

Over the course of 2018, attempts to install ransomware on X-Force monitored devices in Q4 declined to less than half (45 percent) of the attempts in Q1. By comparison, cryptojacking attacks more than quadrupled in the same time frame by 450 percent, according to IBM's data.

"If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return-on-investment is a real motivating factor for cybercriminals,” said Whitmore. “We see that efforts to disrupt adversaries and make systems harder to infiltrate are working. While 11.7 billion records were leaked or stolen over the last three years, leveraging stolen Personally Identifiable Information (PII) for profit requires more knowledge and resources, motivating attackers to explore new illicit profit models to increase their return on investment."

The report also offered a set of recommendations for organizations to increase cyber preparedness:

  • Adopt preventive measures such as threat hunting -- proactively searching networks and endpoints for advanced threats that evade prevention and detection tools.
  • Risk management models need to consider likely threat actors, infection methods and potential impact to critical business processes.
  • Organizations also need to be aware of risks arising from third parties, such as cloud services, suppliers and acquisitions.
  • Even organizations with a mature security posture may not know how to respond to a security incident. Ladership and crisis communications are key to rapid response and quickly resuming business operations.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.