Crypto-Mining Malware Tops Most Wanted List

Crypto-Mining Malware Tops Most Wanted List

Cybercriminals have options when it comes to choosing their attack weapons, which is why malware authors are likely grateful to those criminals who choose to target unpatched server vulnerabilities with crypto-mining malware.

According to the latest Global Threat Index published today by Check Point, targeting known vulnerabilities with crypto-mining malware dominated the threat landscape for the fourth consecutive month. 

Researchers analyzed threat data from a network of sensors and millions of data points across the globe and saw a trend in cyber-criminals targeting known vulnerabilities even though patches have been available for at least six months.

The Top Ten Most Wanted Malware Index for April 2018 lists the most wanted crypto-mining malware, the most wanted mobile malware, and the most wanted vulnerabilities. 

According to a Check Point researcher team blog post, cyber-crooks around the world are honing in on two particular vulnerabilities – one in Microsoft Windows Server and one in Oracle WebLogic – in order to mine cryptocurrency.

Attackers targeted 46% of global organizations for the known vulnerabilities in Microsoft Windows Server 2003 (CVE-2017-7269). Another 40% of global organizations were targeted for the Oracle WebLogic (CVE-2017-10271) vulnerability.

Designed to mine Monero without the user’s knowledge, the Coinhive variant held onto the top spot as the most prevalent malware at a global reach of 16%. "Cryptoloot – another crypto-mining malware – was close behind with a global reach of 14%,” researchers wrote.

"With crypto-mining malware’s consistent growth, cyber-criminals are innovating their techniques in order to find new ways to exploit victims’ machines and net more revenue,” Maya Horowitz, threat intelligence group manager at Check Point, commented.

The findings likely comes as no surprise, given the recent news that at least seven tech giants still use the vulnerable software that hackers exploited to attack Equifax last year.

Addressing Microsoft Windows Server and Oracle WebLogic, Horowitz said, “It is troubling that so many organizations were impacted by these known vulnerabilities, especially as patches for both have been available for at least 6 months."

With the high number of global organizations being targeted by these attacks, Robert Corradini, director of product management at 5nine said, "This could have been avoided by just following some simple rules. The biggest problem in IT security next to external sources is internal personnel not following the best practices of maintaining your systems to the latest updated patches, especially mission-critical applications."

Source: Information Security Magazine