The stage may be being set for a significant campaign of malware-facilitated blackmail, according to the regional head of Malwarebytes.
At the moment it’s only internal conjecture by the security software vendor’s research team — but Jim Cook, Malwarebytes regional director of Australia and New Zealand, says it’s considered a possible explanation for a rise in Trojans the company has witnessed.
Ransomware gathered a lion’s share of information security-headlines in 2017 thanks to high-profile attacks such as WannaCry and NotPetya. However, encrypting files and demanding a ransom for the key to decrypt them has not proven to be particularly lucrative for criminals, Cook said.
As a result, new money-making ventures look set to become significantly more popular than ransomware.
“We’ve seen a sharp rise in the amount of Trojans, particularly in Australia,” Cook said. “Trojans sit on a machine and then exfiltrate information – so it may be more targeted,” he added.
One potential explanation for the rise in Trojans is that instead of the ransomware approach of denying an individual access to their files, criminals are instead looking at threatening to make private information, public — “We’ve got your browsing history here – do you want me to publish it?”
“It’s not an automated process; there’s an element of human interaction,” Cook said. “We believe that’s something we’re going to see more of – because if they can’t hold it to ransom they can still steal it and use it.”
Cook said one alternative to ransomware that has become increasingly popular is malware-driven cryptomining —using a host machine to quietly mine Bitcoin or some other cryptocurrency.
“We’re seeing a really sharp rise in that – and I think it will be round for a while because it doesn’t have a ‘direct’ effect on the end user,” Cook said. “There’s the opportunity to make billions of dollars just by stealing the CPU cycles and electricity off people.”
In some cases rather than stealthily installing malware containing the mining code on a system, it could be browser-executed code or even a smartphone game.
“Malicious cryptomining has increased dramatically in the last few months, while virtually all other malware is on the decline,” states Malwarebytes’ latest cybercrime tactics and techniques report, which was released today.
“Even though adware retained its position as our number one consumer detection, it did so only by the skin of its teeth, as malware-based cryptomining is now nipping at its heels in the number two spot. In addition, detections of cryptomining malware for businesses increased by 27 percent over last quarter, bringing it up to the second-highest overall threat detection for businesses this quarter.”
However, the report states that, in the Asia Pacific region, Android ransomware was the threat that saw the most growth in the first quarter, increasing 1173 per cent on Q4 2017. Detection of cryptomining malware actually dropped 51 per cent in the region, despite the global increase.