Cryptojacking Attacks Growing Rapidly, Trend Micro Reports

Trend Micro's 2018 midyear security report finds that ransomware attack volume is growing slowly, while cryptojacking continues to escalate.

Trend Micro released its 2018 midyear security roundup on Aug. 28, revealing slowing growth of ransomware attacks, while cryptojacking attacks are surging.

Among the highlights of the 40-page report is that in the first half of 2018, there was a 956 percent increase in cryptojacking attacks over the first half of 2017. Cryptojacking refers to unauthorized cryptocurrency mining, which can end up consuming a victim's system resources.

"For now it does appear that this trend will continue for the foreseeable future, but with crypto-currency values changing quite wildly, we could see a decrease in this threat," Jon Clay, director of global threat communications for Trend Micro, told eWEEK. "We do think we'll see an increase in targeting of owners of crypto-currencies or the exchanges themselves, as the opportunity to steal more coins is higher there than the prospect of mining coins."

Multiple organizations have warned about the rise in cryptojacking in 2018. A report from security firm Palo Alto Networks released on June 11 estimates that attackers have generated at least $143 million in illicit earnings from cryptojacking.

While cryptojacking attacks have grown in the first half of 2018, ransomware attacks have stalled somewhat. Trend Micro reported that ransomware detections in the first half of 2018 were up by only 3 percent from the second half of 2017. It's currently unclear if ransomware will grow faster in the second half of 2018.

"It is hard to say whether we'll see this threat re-emerge, but with crypto-currency values wildly fluctuating, the threat actors may decide ransomware is a more stable money maker," Clay said. "But what could offset this are the improved technologies to detect ransomware at time zero, which means the actors may have to improve their malware creations or create better obfuscation techniques with this threat."

Ransomware attackers are being more selective with their attacks, targeting business-critical systems because businesses will be more likely to pay them to restore these systems quickly; doing so also allows them to increase their ransom demands, he said.

In addition to cryptojacking, attackers are profiting from business email compromise (BEC) attacks. Trend Micro observed that BEC attempts grew by 5 percent in the first half of 2018, compared with the second half of 2017. According to an estimate released by the FBI's Internet Crime Center on July 12, between December 2016 and May 2018, there was a 136 percent increase in identified global exposed losses from BEC attacks.


The Trend Micro report also includes data on vulnerability disclosures, taken from the company's Zero Day Initiative (ZDI) division, which is in the business of acquiring vulnerabilities from security researchers. The ZDI report, which was released in July, found an increase in Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) system vulnerabilities. 

"The increase in the number of SCADA-related vulnerabilities is a good thing as we’re seeing researchers focusing more in this area and allowing us to responsibly disclose these vulnerabilities," Clay said. 

Among the vulnerabilities that were publicly disclosed in the first half of 2018 were the Meltdown and Spectre CPU vulnerabilities. While those vulnerabilities do represent risk to enterprises, vendors have released patches and it's not entirely clear what the impact has been.

"We have not seen any actual attacks, nor can we estimate the percentage of organizations that have patched the vulnerabilities," Clay said about the Meltdown and Spectre vulnerabilities.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.