In Q1 2018, Comodo Cybersecurity Threat Research Labs’ experts analyzed 300 million malware incidents worldwide and witnessed the sharp rise of cryptomining attacks, a surprising decline in ransomware, increasingly sophisticated password stealers and malware patterns that coincided with escalating geopolitical tensions. Let’s take a closer look.
Cryptomining Attacks Change: Follow the Money
Comodo Cybersecurity’s Global Malware Report Q1 2018 is among the industry’s first to present new 2018 information for the quarter just ended.
Current threat analysis shows a very different picture from 2017. During the first three months of 2018, cryptominers surged to the top of detected malware incidents, displacing ransomware — which declined significantly in volume — as the number one threat.
As bitcoin jumped in value up to $20,000 in 2017, it became a prime target for cryptomining attacks. The real surge, however, came this year as cryptominer attacks grew to 28.9 million, amounting to a 10% share of all malware incidents during the first quarter. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March.
Another surprising finding: altcoin Monero now has the dubious honor of being the leading target for cryptominers’ malware, replacing Bitcoin. The reasons why hackers prefer cryptomining and love Monero, and how these attacks work, are detailed in the full report and the infographic.
Ransomware Declines Dramatically, as Attackers Shift Strategy
The 2018 data shows criminal attention to mining seems to have come at the expense of ransomware activity, for which new variants fell from 124,320 in January to 71,540 in March, a 42% decrease.
While ransomware represented 4 out of 10 of all malware detections in August 2017, it declined to less than 1 in 10 in February 2018. Attacks are less successful because attackers have not innovated malware code and companies have adopted anti-ransomware measures, such as virtualizing infrastructures. Comodo Cybersecurity believes that ransomware will reemerge as a major threat, possibly as a weapon of data destruction, as demonstrated by NotPetya. The report dives deeply into how ransomware attacks work and explains why companies should be concerned about a resurgence.
Password Stealers are Becoming More Complex and Dangerous
Comodo Cybersecurity experts have witnessed the rise of sophisticated password stealers, with the Pony Stealer Trojan the leading choice for malware payload. Cybercriminals are motivated by financial factors, as world wealth increases and online banking accounts are linked to cryptowallets.
Password stealers like Pony Stealer penetrate a victim’s computer, covertly extract secret information and cover their traces to avoid detection. This topic is covered extensively in the report.
Geopolitical Tensions Rise Globally, Changing Malware Patterns
In Q1 2018, the U.S., Russia and China made the news on the geopolitical scene. For an analysis of key events and how they correlated with threat patterns, please download the Q1 2018 Threat Report or the infographic.
About the Comodo Cybersecurity Global Malware Report
The Comodo Cybersecurity Threat Research Labs’ Global Malware Report: Q1 2018 summarizes global malware patterns, providing business and technology decision makers with critical insights they can use to improve enterprise security. This publication is a quarterly threat report published by Comodo Cybersecurity Threat Research Labs, a group of more than 120 security professionals, ethical hackers, computer scientists and engineers who work for Comodo Cybersecurity full time analyzing malware patterns across the globe. Comodo Cybersecurity is a division of Comodo Security Solutions Inc., a global innovator of cybersecurity products for the enterprise.