Intelligent CISO Issue 11 | Page 21

cyber trends have become democratised, with advanced attack methods now available to anyone willing to pay for them, as part of the growing ‘malware-as-a-service’ industry. Highlights include: • Cryptominers digging undetected on networks: Cryptominers infected 10x more organisations than ransomware in 2018 but only one in five IT security professionals were aware their company’s networks had been infected by mining malware. A total of 37% of organisations globally were hit by cryptominers in 2018 and 20% of companies continue to be hit every week despite an 80% fall in cryptocurrency values. • Threat risk of cryptominers underrated by organisations: When asked what they rated as the biggest threats to their organisation, just 16% stated cryptomining, compared with DDoS attacks (34%), data breaches (53%), ransomware (54%) and phishing (66%). This is concerning as cryptominers can easily act as stealth backdoors to download and launch other types of malware. • Malware-as-a-service rises: The GandCrab Ransomware-as-a- www.intelligentciso.com | Issue 11 Service affiliate program shows how amateurs can now profit from the ransomware extortion business as well. Users keep up to 60% of the ransoms collected from victims, and its developers keep up to 40%. GandCrab has over 80 active affiliates and within two months in 2018 had infected over 50,000 victims and claimed between US$300,000 and US$600,000 in ransoms. “The second instalment of our 2019 Security Report shows how cybercriminals are successfully exploring stealthy new approaches and business models, such as malware affiliate programs, to maximise their illegal revenues while reducing their risk of detection,” Alexander added. “But out-of-sight shouldn’t mean out-of-mind: even though cyberattacks during 2018 have been lower-profile, they are still damaging and dangerous. “By reviewing and highlighting these developments in the report, organisations can get a better understanding of the threats they face and how they prevent them impacting on their business.” Peter Alexander, Chief Marketing Officer of Check Point Software Technologies Check Point’s 2019 Security Report is based on data from Check Point’s ThreatCloud intelligence, one of the largest collaborative networks for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors; from Check Point’s research investigations over the last 12 months. u 21