Malvertising and crypto threats have rocketed in 2017

Thursday, September 14, 2017

You might not have noticed it yet, but 2017 has seen some interesting malware trends, and not of the kind you might expect.


Inevitably, malware has continued to diversify in 2017, and while ransomware volumes have continued to grow, a different trend has also been tracked - in spite of an 18.65 per cent rise in malvertising, the total amount of malware in advertisements decreased by 42.73 per cent from Q1, along with a 24.21 per cent drop in exploit kits. In fact, exploit kits have been declining consistently for the entire year.

The research, by RiskIQ, blames the overall rise on the ever-increasing popularity of programmatic advertising, but also highlights the variance in tactics displayed. That drop in exploit kits was offset by a 131.36 per cent rise in phishing-related advertisements. Clearly harvesting sensitive data and/or login credentials direct from the user has begun to be more efficient than dropping malware. Phishing malvertising has been on the rise for a while, too - in 2016, RiskIQ saw a massive increase in phishing malvertising, identifying 1,978 per cent more incidents over 2015.

The data does show a considerable drop in scams, down 36 per cent, but that still leaves a huge number, more than a million incidents in Q2. The company also detected 845.9 per cent more scams in 2016 than 2015.

As RiskIQ points out, these rises are bad for everyone online, as they’re a major driver of ad blocking, which in turn inhibits genuine digital advertising. In the US in 2016, 69.8 million individuals were expected to use an ad blocker, an increase of 34.4 per cent over last year. In 2017, that figure is projected to grow by another 24 per cent, to 86.6 million people, according to eMarketer.

Meanwhile, interesting data from Kaspersky Lab shows that cryptocurrency-mining malware has expanded exponentially, managing to infect more than 1.65 million endpoints. According to Kaspersky, volumes have risen from a seed 205,000 infections in 2013 to nearly 1.8 million in 2016, and 2017 is on track to beat that figure with ease.

Ilia Kolochenko, security expert and CEO of High-Tech Bridge, said: “Statistically speaking, this number is a drop in the ocean. However, it clearly highlights that cybercriminals have found a new vector to monetize massive breaches of personal machines and devices. In the past, user machines were compromised, backdoored and sold to send spam, host illicit content, infect other machines or to be used as proxies in new attacks. Today, cybercriminals have a more reliable way to make profit from botnets, turning them into cryptocurrency mines. As cryptocurrencies provide pretty good anonymity by design, risks are minimal, while profits are high and guaranteed. Therefore, I think we should expect to see this trend growing pretty quickly in the near future.

“If mining software can use the full processing power of the infected machines, their hardware may fail much faster. But otherwise, I don’t think we can clearly distinguish any particular risks for businesses whose machines are used for cryptocurrency mining. I’d even say that legal risks would be much smaller compared to using compromised machines to hack new victims.”

Of course, the main reason for this increase is the exponential rise in the cryptocurrency markets, led by massive gains for Bitcoin and Ethereum, but with considerable ‘trickle down’ to less mainstream currencies such as Monero and Zcash, especially of late. The latter two currencies are particularly popular with nefarious types due to inbuilt privacy safeguards, in the shape of anonymous transactions. The two currencies are also still (just) mineable via CPUs, so building a botnet to do so makes practical sense. Of course, spotting a Trojan miner infection is relatively easy, as the CPU will be running at very high loads. This heavy usage is the main threat to infected businesses, as their hardware will age significantly faster than through normal corporate use.

In short, attackers are not only diversifying their methods; what a given group or individual sees as valuable in your business can also vary widely. The value of a full and comprehensive digital audit has never been more apparent...


Mark Mayne has covered the security industry for more than 10 years, editing news for SC Magazine and editing SecurityVibes UK. Mark has a background in national news journalism and tech reporting, and has run b2b and b2c editorial sites.
