Cryptomining is now a bigger threat than ransomware, according to a new report.Malware that harnesses its victim’s computer processing power to mine cryptocurrency, cryptomining accounted for 52% of threats identified in the first half of 2018.
The 2018 Webroot Threat Report: Mid-Year Update also reports that cryptojacking, another cryptocurrency mining form of malware, is becoming more common. Cryptojacking, which hijacks website visitors’ CPU power with malicious browser scripts, accounted for 35% of threats recorded between January to June 2018.
Phishing attempts soared by more than 60% during this period. Dropbox supplanted Google as the most impersonated company for phishing attacks, accounting for 17% of phishing emails.
The report found that companies are much less likely to fall prey to phishing attacks if they run security awareness training. Those running 1-5 campaigns saw a 33% drop in their phishing click-through rate, falling to 28% for 6–10 campaigns and 13% for 11 or more.
Criminals are increasingly targeting unsecured remote desktop protocol (RDP) connections as an attack vector, both to access and infect systems with ransomware and to perform reconnaissance. Criminals can buy access to systems with unsecured RDP on the dark web.
The report revealed that cybercriminals are becoming more sophisticated and targeted in their attacks.
“Cybercriminals display an amazing ability to adapt to maximise their profits,” said Tyler Moffitt, senior threat research analyst at Webroot. “Businesses need to adopt the same nimble mindset toward their cybersecurity. They need to continually reassess risks, adopt a multi-layered approach, and, ultimately, educate their employees about the latest threats on an ongoing basis.”
Webroot reports a rise in the proportion of consumers (75% versus 72% six months ago) and businesses (40% versus 32%) who now have Windows 10 installed on their PCs. The latest incarnation of the computer operating system is thought to be more cyber secure than its predecessors.
