Crypto-mining malware makes inroads in SA

By Simnikiwe Mzekandaba, IT in government editor
Johannesburg, 27 Jan 2020

In 2020, crypto-mining malware will continue to dominate the threat landscape, increasingly gaining popularity in SA.

This is based on data from Check Point’s 2020 Cyber Security Report, highlighting crypto-mining malware and online crypto-mining services as the stand-out findings, with nearly twice as many local organisations impacted compared to the global statistics.

Furthermore, the research shows Jsecoin, Cryptoloot and XMRig as dominating the malware landscape.

In 2018, Helge Husemann, product manager for Malwarebytes in EMEA, revealed illegal crypto-currency mining had pocketed an estimated $100 million.

According to Check Point, even though crypto-mining declined during 2019, linked to crypto-currencies’ fall in value and the closure of the Coinhive operation in March, 38% of companies globally were impacted by crypto-miners in 2019, up from 37% in 2018.

This, says the Israel-based cyber security company, is because the use of crypto-miners remains a low-risk, high-reward activity for criminals.

“2019 presented a complex threat landscape where nation states, cyber crime organisations and private contractors accelerated the cyber arms race, elevating each other’s capabilities at an alarming pace, and this will continue into 2020,” says Lotem Finkelsteen, major intelligence officer at Check Point Software Technologies.

Finkelsteen adds: “Even if an organisation is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated. Beyond detection and remediation, organisations need to adopt a proactive plan to stay ahead of cyber criminals and prevent attacks. Detecting and automatically blocking the attack at an early stage can prevent damage.”

Rising threats

The Check Point research points out the African continent can expect ransomware incidents to continue, targeting organisations and municipalities.

“APT [advanced persistent threat] groups such as Silence seem to have shifted their focus to the African banking system, looking for new targets,” it says.

Last year, the City of Johannesburg found itself the target of a security breach, when its ICT infrastructure was hacked and payment to the value of 4.0 Bitcoin was demanded for ransom.

The city did not make the payment and several of its customer-facing systems – including the city’s Web site, e-services and billing system – were impacted by the hack.

The aim of the report is to highlight the main tactics cyber criminals use to attack businesses of all types around the globe, giving insight into what organisations need to look out for, and how they can win the war against cyber attacks.

In the report, Check Point says it covered five major trends, namely shifting attacks to supply chain targets, Magecart attacks becoming an epidemic, attacks against the cloud environment, the evolving mobile landscape and targeted ransomware.

Although these are global trends, the cyber security firm believes they are relevant for all regions, including the African continent.

Key security happenings in 2019 and trends expected in 2020 include:

  • Botnet armies to surge in size. According to Check Point, 28% of organisations globally were hit by botnet activity in 2019, an increase of over 50% compared with 2018. “Emotet was the most common bot malware used, primarily because of its versatility in enabling malware and spam distribution services. Other botnet actions such as sextortion e-mail activity and DDoS attacks also rose sharply in 2019.”
  • Targeted ransomware to hit hard. The firm says while the number of impacted organisations is relatively low, the severity of the attack is much higher – as seen in 2019’s damaging attacks against US city administrations. “Criminals are choosing their ransomware targets carefully, with the aim of extorting the maximum revenue possible.”
  • Mobile attacks to decline. Twenty-seven percent of organisations worldwide were impacted by cyber attacks that involved mobile devices in 2019, down from 33% in 2018, notes the company. “While the mobile threat landscape is maturing, organisations are also increasingly aware of the threat, and are deploying more protection on mobiles.”
  • Magecart attacks to become an epidemic. “These attacks, which inject malicious code into e-commerce Web sites to steal customers’ payment data, hit hundreds of sites in 2019, from hotel chains to commerce giants to SMBs, across all platforms.”
  • Cloud attacks to rise. “Currently, more than 90% of enterprises use cloud services and yet 67% of security teams complain about the lack of visibility into their cloud infrastructure, security and compliance. The magnitude of cloud attacks and breaches has continued to grow in 2019. Misconfiguration of cloud resources is still the number one cause for cloud attacks, but now we also witness an increasing number of attacks aimed directly at cloud service providers.”