
IBM Security: Cybercriminals focusing on cryptojacking

By Newsdesk
Mon 4 Mar 2019

IBM Security has announced results from the annual 2019 IBM X-Force Threat Intelligence Index, which found that increased security measures and awareness are driving cybercriminals to alter their techniques in search of a better return on investment.

As a result, the report details two major shifts, including a surprising move away from ransomware and a decreased reliance on malware overall.

IBM X-Force noted a significant decline in ransomware used in attacks.

In fact, IBM spam researchers only tracked one ransomware campaign in 2018 from one of the world's largest malware spam distribution botnets, Necurs.

IBM X-Force also observed that the number of cryptojacking attacks – the illegal use of an organisation's or individual's computing power without their knowledge to mine cryptocurrencies – was nearly double the number of ransomware attacks in 2018.

With the price of cryptocurrencies like Bitcoin hitting a high of nearly $20,000 going into 2018, lower-risk/lower-effort attacks secretly using a victim's computing power were seen as more profitable.

The IBM X-Force Threat Intelligence Index also found that cybercriminals were changing their stealth techniques to gain illegal profits.

IBM X-Force saw an increase in the abuse of operating system tools, instead of the use of malware.

More than half of cyber attacks (57%) leveraged common administration applications like PowerShell and PsExec to evade detection, while targeted phishing attacks accounted for nearly one-third (29%) of attacks.

IBM X-Force Threat Intelligence Index comprises insights and observations from monitoring 70 billion security events per day in more than 130 countries.

In addition, data is gathered and analysed from multiple sources including X-Force IRIS, X-Force Red, IBM Managed Security Services, and publicly disclosed data breach information.

IBM X-Force also runs thousands of spam traps around the world and monitors tens of millions of spam and phishing attacks daily while analysing billions of web pages and images to detect fraudulent activity and brand abuse.

Additional findings include:

  • Vulnerability reporting on the rise: Nearly one third (42,000) of all 140,000 vulnerabilities tracked by IBM X-Force over the last 30 years were reported in just the past three years. In fact, IBM X-Force Red finds an average of 1,440 unique vulnerabilities per organisation.
  • Misconfigurations still plague organisations: Publicly disclosed misconfiguration incidents increased 20% year-over-year. Interestingly, there was a 52% decrease in the number of records compromised due to this threat vector.
  • BEC continues to pay the bills: Phishing campaigns made heavy use of targeted Business Email Compromise (BEC) scams, which accounted for 45% of the phishing attacks tracked by X-Force.
  • Transportation emerges as industry to watch (for cyber attacks): The transportation industry became the second-most attacked sector in 2018 – moving up the ranks from 10th in 2017.

IBM X-Force incident response and intelligence services (IRIS) global lead Wendi Whitmore says, “If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return on investment is a real motivating factor for cybercriminals.

“We see that efforts to disrupt adversaries and make systems harder to infiltrate are working,” Whitmore adds.

“While 11.7 billion records were leaked or stolen over the last three years, leveraging stolen personally identifiable information (PII) for profit requires more knowledge and resources, motivating attackers to explore new illicit profit models to increase their return on investment.

“One of the hottest commodities is computing power tied to the emergence of cryptocurrencies. This has led to corporate networks and consumer devices being secretly hijacked to mine for these digital currencies.”

The rise of criminal PowerShell power users

Increasing awareness of cybersecurity issues and stricter security controls are making it harder for cybercriminals to establish footholds on target systems.

As a result, the use of malicious software in attacks appears to be on the decline.

More than half (57%) of attacks analysed by X-Force in 2018 revealed threat actors did not rely on file system resident malware.

Those who made the most frequent use of malware were major cybercriminal gangs and advanced persistent threat (APT) groups.

In cases where networks were compromised by attackers, IBM X-Force saw a major shift to cybercriminals abusing existing operating system tools, instead of malware, to achieve their goals.

Core to these techniques is the advanced use of PowerShell, a built-in operating system tool capable of executing code from memory and providing administrative access directly to a device's core.

IBM X-Force IRIS has also observed attackers running Windows Management Interface Command (WMIC) queries, which are then used to automate the remote execution of PowerShell commands and scripts, among other functions designed to run queries, search databases, access user directories, and connect to systems of interest.
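
For defenders, the pattern described above shows up in process-creation telemetry rather than on disk. The following is an added example, not taken from the IBM report or the original story: a small triage routine over constructed events whose field names, hosts and command lines are assumptions, loosely modelled on endpoint process-creation logs.

```python
import ntpath

# Constructed sample events; hosts, paths and command lines are invented.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"host": "ws-014", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"host": "srv-db2", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": PS, "cmdline": "powershell.exe -NoP -enc <BASE64-PLACEHOLDER>"},
    {"host": "ws-031", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic /node:srv-db2 process call create <COMMAND-PLACEHOLDER>"},
    {"host": "ws-031", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},
]

POWERSHELL = {"powershell.exe", "pwsh.exe"}

def has_encoded_flag(cmdline):
    """True if a switch is a prefix form of -EncodedCommand (-e, -enc, ...) or -ec."""
    for tok in cmdline.lower().split():
        name = tok[1:] if tok[0] in "-/" else ""
        if name and ("encodedcommand".startswith(name) or name == "ec"):
            return True
    return False

def classify(event):
    """Return the names of the rules this event matches (empty list = no hit)."""
    parent = ntpath.basename(event["parent"]).lower()
    image = ntpath.basename(event["image"]).lower()
    cmd = event["cmdline"].lower()
    hits = []
    # Processes started through WMI run as children of the WMI provider host.
    if image in POWERSHELL and parent == "wmiprvse.exe":
        hits.append("powershell_spawned_by_wmi")
    # Encoded commands hide the script body from casual log review.
    if image in POWERSHELL and has_encoded_flag(cmd):
        hits.append("powershell_encoded_command")
    # WMIC pointed at another host and asked to start a process there.
    if image == "wmic.exe" and "/node:" in cmd and "process call create" in cmd:
        hits.append("wmic_remote_process_create")
    return hits

def triage(events):
    """Return (host, matched rules) for every event that hit at least one rule."""
    return [(e["host"], classify(e)) for e in events if classify(e)]

if __name__ == "__main__":
    for host, rules in triage(EVENTS):
        print(host, ", ".join(rules))
```

Routine administration such as the `inventory.ps1` run and the local `wmic os get caption` query passes through untouched, which is the point: the signal is the parent-child relationship and the switches, not the mere presence of PowerShell or WMIC.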

Cybercriminals hack systems to make money on business' dime

Cybercriminals are not ones to spend money on expensive hardware or legitimately mine cryptocurrency.

Instead, they have developed various tools and tactics to infect both corporate servers and individual users with coin-mining malware to perform the work for them.

In turn, these infections hijack computing power, resulting in increased CPU usage and slowed devices.

This cryptojacking trend is virtually exploding, and cybercriminals have the advantage as two of the most common infection vectors are phishing and injecting code into websites with weak security controls.

IBM X-Force has discovered that illicit cryptojacking attacks are on the rise while ransomware seems to be on the decline.

Over the course of 2018, attempts to install ransomware on X-Force monitored devices in Q4 (Oct.- Dec.) declined to less than half (45%) of the attempts in Q1.

Instead, cryptojacking attacks more than quadrupled in the same timeframe, rising by 450%.

Transportation industry an increasing cybercrime target

Cybercriminals aren't just changing how they hack, but also who they target.

The Financial industry remained the most attacked sector of 2018 accounting for 19% of all attacks observed by IBM X-Force IRIS.

However, the Transportation Industry—which did not even make the top five list last year—moved to the second most attacked sector in 2018, with attempted attacks increasing three-fold since the year prior.

It is not just a matter of the sheer volume of attacks, but also of the caliber of victims.

X-Force saw more public disclosures in 2018 than in previous years in the transportation industry. These disclosures likely encouraged hackers as they may reveal that these companies are vulnerable to cyber attacks and that they hold valuable data such as customer data, payment card information, PII, and loyalty reward accounts.

The report features data IBM collected between January 1, 2018 and December 31, 2018, to deliver insightful information about the global threat landscape and inform security professionals about the threats most relevant to their organisations.
