There has been a surge of cryptomining malware attacks, both globally and in South Africa, with an endpoint cryptomining malware variant known as XMRig being particularly prevalent.
This is according to Check Point Software Technologies' Global Threat Index for the month of March.

First seen in the wild in May 2017, XMRig entered Check Point’s top ten most wanted malware index (8th) for the first time during March 2018, after a 70% increase in global impact. By running on the endpoint device rather than in the web browser, XMRig is able to mine the Monero cryptocurrency without needing an active web browser session on the victim’s computer.

“Cryptomining malware has been quite the success story for cybercriminals, and XMRig’s rise indicates that they are actively invested in modifying and improving their methods in order to stay ahead of the curve,” said Doros Hadjizenonos, Check Point country manager for SADC.

“Besides slowing down PCs and servers, cryptomining malware can spread laterally once inside the network, posing a major security threat to its victims. It is therefore critical that enterprises employ a multi-layered cybersecurity strategy that protects against both established malware families and brand new threats.”

In March, Coinhive retained its most wanted spot for the fourth consecutive month impacting 18% of organisations globally, followed by the Rig EK Exploit Kit in second (17%) while the Cryptoloot miner was third (impacting 15%). XMRig was the 8th most common malware variant, impacting 5% of organisations.

March’s top three “most wanted” malware in South Africa were:

* Coinhive – Crypto-Miner designed to perform online mining of the Monero cryptocurrency when a user visits a web page, without the user’s knowledge or approval.

* Cryptoloot – Crypto-Miner malware that uses the victim’s CPU or GPU power and existing resources for crypto mining, adding transactions to the blockchain and releasing new currency.

* Andromeda – Andromeda is a modular bot for malicious activity, first spotted in 2011. It is used mainly as a backdoor to deliver additional malware on infected hosts, but can be modified to create different types of botnets.

For the first time, Check Point researchers also analysed the most exploited cyber vulnerabilities. CVE-2017-10271 came first with a global impact of 26%; in second place was the SQL injection vulnerability, impacting 19%; and in third place was CVE-2015-1635, with a global impact of 12% of organisations.