We can never make our computer systems perfectly secure, and the underlying hardware can be just as susceptible to exploitable flaws as the software that runs on it. So opens the Webroot mid-year 2018 report.
The threat actors aren’t standing still. They constantly evolve methods, techniques and evasion approaches, the report warns: “They are pivoting from ransomware to cryptojacking. Increasingly sophisticated phishing attacks are stealing
credentials, introducing malware, and doing reconnaissance. Phishing attacks are also becoming more targeted, as
criminals find ever-more-valuable information stores.
“The Webroot Threat Research Team has analysed the data from our customer base during the first half of 2018. This
mid-year threat report not only shows the stats, but also tells the story behind the headlines. The bottom line from
our observations: it has never been more important to implement a robust, effective, multi-layered and continuously
evolving security approach to keep valuable data and systems secure.”
Dropbox overtook Google in the first half of 2018 as the most impersonated company for phishing attacks, accounting for 17 percent of phishing emails. Accessing a business’ Dropbox offers data such as financial accounts, personal information, and corporate intellectual property, besides cryptokeys, potentially unlocking a massive amount of mission-critical and highly sensitive data, according to the report.
For businesses, risk decreases with more security awareness training and phishing attack simulations, the report suggests. Companies that ran one to five campaigns saw a 33 percent phishing click-through rate. For companies that ran six to ten campaigns, the click-through rate dropped to 28 percent; and for companies that ran 11 or more campaigns, click-through rates fell to only 13 percent.
Xxgasm.com tops the list of most popular cryptomining domains, garnering 31 percent of traffic. Coinhive.com was not far behind.
Tyler Moffitt, Senior Threat Research Analyst at Webroot said: “Cybercriminals display an amazing ability to adapt to maximise their profits. Businesses need to adopt the same nimble mindset toward their cybersecurity. They need to continually reassess risks, adopt a multi-layered approach, and, ultimately, educate their employees about the latest threats on an ongoing basis.”
Comment
Simon Townsend, CTO – EMEA at Ivanti, said: “Some may argue that cryptojacking is just a minor nuisance and a largely victimless crime, but in fact the damage comes from just how energy intensive it is. While the immediate effects may not be as crippling as a large-scale ransomware attack, costs build up because cryptojacking can slow down systems and destroy technology, which are costly on their own but can also lead to downtime. Drains on electricity can also cause incredibly high bills, and are bad for the environment.
“For example, the electric cost of cryptojacking attack Coinhive on just one desktop computer was 1.212kWh of electricity over the space of 24 hours. According to the Energy Savings Trust, the average cost of electricity in the UK per kWh is 14.37p, so this would cost 17.42p per day, or £5.22 per month. For an organisation made up of hundreds (if not thousands) of computers, this could quickly become very expensive. In some cases, cryptojacking has also been known to completely destroy IT equipment due to the heavy and unrelenting strain that the hardware is put under by mining software. Organisations need to tackle cryptojacking head on in order to protect IT hardware and software, save on extra energy costs and ultimately retain business that may be lost due to downtime.
“To prevent these attacks, organisations need to make sure that everything on their network is monitored and checked regularly, from PCs to websites. And when using third party tools, they should put protections into place and not link directly to source codes (the behind-the-scenes workings of what makes any computer program function) which aren’t their own. Businesses should also invest in resources for IT and security teams that give them a holistic view of what is going on in their environments, because they can’t protect or defend against threats they don’t know about. Finally, a layered approach to cybersecurity reduces attack surfaces, detects attacks that do get through, and helps cybersecurity professionals to take rapid action to contain malicious activity and software vulnerabilities. The financial outlay on a layered cybersecurity solution might seem costly, but finance teams in charge of investing in technology should see this as a critical insurance policy against cyberattacks that could completely cripple a business. Investment in cybersecurity is nothing compared to what cryptojacking could cost an unprotected organisation.
“Users, including financial teams who are often targets of cyberattacks, can also do their bit to stop the spread of cryptojacking. It’s important not to download files from suspicious websites, or open attachments from email addresses you don’t recognise. Furthermore, users can protect themselves online through the use of browser plug-ins that block attempts from websites trying to hijack their PCs.”
