Check Point Research, the threat intelligence arm of Check Point Software Technologies, has published its latest Global Threat Index for March 2019. The index reveals that while cryptomining services such as Coinhive have closed down, cryptominers are still the most prevalent malware aimed at organisations globally.
As announced last month, both Coinhive and Authedmine stopped their mining services on March 8. For the first time since December 2017, Coinhive dropped from the top position but, despite having only operated for eight days in March, it was still the sixth most prevalent malware to affect organisations during the month. At its peak, Coinhive impacted 23 per cent of organisations worldwide.
Many websites still contain the Coinhive JavaScript code today, though no mining activity is taking place. Check Point’s researchers warn that Coinhive may well reactivate if the value of Monero increases. Alternatively, other mining services may increase their activity to take advantage of Coinhive’s absence.
During March, three of the top five most prevalent malware were cryptominers – Cryptoloot, XMRig and JSEcoin. Cryptoloot headed the Threat Index for the first time, closely followed by Emotet, the modular trojan. Both had a global impact of six per cent. XMRig is the third most popular malware, impacting five per cent of organisations worldwide.
Maya Horowitz, Threat Intelligence and Research Director at Check Point, commented, “With cryptocurrencies’ values dropping overall since 2018, we will be seeing more cryptominers for browsers following Coinhive’s steps and ceasing operation. However, I suspect that cyber criminals will find ways to earn from more robust cryptomining activities, such as mining on cloud environments, where the built-in auto-scaling feature allows the creation of a larger haul of cryptocurrency. We have seen organisations being asked to pay hundreds of thousands of dollars to their cloud vendors for the compute resources used illicitly by cryptominers. This is a call for action for organisations to secure their cloud environments.”