Hackers might be increasingly turning their attention to cryptominers, but spyware remains the most popular form of malware among criminals targeting businesses, according to new research.
Malwarebytes’ analysis of its own data revealed that cryptomining and ransomware attacks rose by 27 and 28 per cent respectively during the last quarter, but spyware held on to first place with 80,000 detections in January alone.
Spyware helps hackers harvest sensitive information about their targets without their knowledge. According to Malwarebytes, spyware detections fell in December, but the bounce back in January put it in first place for the first quarter of the year.
However, the increase has not been sustained. The authors of the report noted that “the spike is likely due to a malspam campaign delivering the Emotet spyware. Shortly after the spike, spyware was observed dropping significantly near the end of the quarter.”
Cryptomining peaked in February, according to the report. The authors said: “A spike in February brought us to about 550,000 detections, though a downturn in March may be due to a shift in attack strategy.”
Cryptomining entails hackers exploiting company servers to mine virtual currencies without their permission. Malwarebytes’ findings corroborate other recent reports that suggest the practice has soared in popularity as the value of cryptocurrency has spiked over the last year.
Last month, SecureWorks also reported a dramatic spike in the use of cryptocurrency mining. But despite the malware soaring in popularity among criminals, SecureWorks’ Mike McLellan told NS Tech he’s concerned some businesses aren’t taking it seriously enough. “There is a temptation to downplay these infections as a bit of background noise,” he said. “But actually if it lands on something that’s critical to your business, it can have a really significant impact.”
In February, thousands of websites – including several government platforms – were hit by cyrptocurrency mining hackers. The Information Commissioner’s Office, Student Loans Company and the Pensions Advisory Service were among those affected. Scott Helme, the researcher who identified the malicious code, told NS Tech at the time that the affected organisations “got off lightly”.
The malware did not extract users’ personal information and the National Cyber Security Centre said there was nothing to suggest the public was put at risk. “This could have been much worse,” said Helme. “It could have gone under the radar for weeks. I’m hoping people will take that seriously and realise we got off lightly.”