Malicious cryptocurrency miners expectedly become top threat in US: WatchGuard security research
WatchGuard® Technologies, a leading advanced network security solutions firm, announced the findings of its Q2 2018 Internet Security Report in a press release that CoinReport received from Voxus, WatchGuard’s PR company. The report investigates the latest security threats affecting small to medium-sized businesses and distributed enterprises. One of its findings is that malicious cryptocurrency miners have, as expected, become a top threat in the United States.
Malicious digital currency miners are, as anticipated, continuing to grow in popularity as a hacking tactic, entering WatchGuard’s top 10 malware list for the first time in the second quarter of the year, says the network security firm’s report.
WatchGuard exposed its first named cryptominer, Cryptominer.AY, last quarter. The cryptominer matches a JavaScript cryptominer called “Coinhive” and uses its victims’ computer resources to mine the popular privacy-focused digital currency Monero (XMR).
According to the data, victims in the United States were the top geographical target for this cryptominer, receiving about 75 percent of the total volume of attacks.
Other findings of the report include:
- 50 percent of government and military employee LinkedIn passwords were weak enough to be cracked in less than two days, with the most common passwords used by their accounts being “123456,” “password,” “linkedin,” “sunshine,” and “111111.” Just over 50% of civilian passwords were also found to be weak.
- Mimikatz was the most prevalent malware variant in Q2. Last quarter, it represented 27.2 percent of the listed top 10 malware variants. This surge suggests that authentication attacks and credential theft are still major priorities for cyber criminals.
- The web is used to deliver more than 75 percent of malware attacks. A total of 76 percent of threats from Q2 were internet-based, suggesting that organizations need an HTTP and HTTPS inspection mechanism to prevent the vast majority of attacks.
- Malicious Office documents are still heavily relied upon by cyber criminals, who exploit old vulnerabilities in the product to fool unsuspecting victims. WatchGuard’s top 10 list includes three new pieces of Office malware, with 75 percent of attacks from these targeting EMEA victims and a heavy focus on users in Germany in particular.
Along with insights into the top attacks in Q2 and defensive plans of action SMBs can use to improve their security, the complete report features an in-depth analysis of the EFail encryption vulnerability. The findings are based on anonymized Firebox Feed data from almost 40,000 globally active WatchGuard UTM appliances, which blocked about 14 million malware variants (449 per device) and more than 1 million network attacks (26 per device) in Q2.
The full report can be downloaded from here.