ACROFAN

‘Ransomware’ and ‘Cryptojacking’ Mining Cryptocurrency Declined, While ‘Formjacking’ Stealing Credit Card Information Increased

Published : Sunday, March 24, 2019, 10:03 pm
ACROFAN=Bora Kim | bora.kim@acrofan.com | SNS
Cybercriminals are always wondering about get-rich-quick schemes, that is, how much money they can earn quickly. Cybercriminals have been using cryptojacking to mine cryptocurrency and ransomware to demand money. Recently, however, they are turning their attention to formjacking, a method of stealing credit card information.

Cryptojacking, which is the most common way for cybercriminals, is the process of mining cryptocurrency using the processing power of the target computer and cloud CPU usage. With the attention of bitcoin, the notion of cryptocurrency has attracted great popularity. In addition, cybercriminals favored the cryptojacking technique of extracting cryptocurrency by planting malicious codes.

However, according to a recent ISTR report released by Symantec, the value of the cryptocurrency ‘Monero(XMR)’ has fallen to 90%, and the cryptojacking peaked at the beginning of 2018, but showed a 52% decline throughout the year. As the adoption of cloud and mobile computing has increased, both the effectiveness of attacks and the profit have fallen. However, cryptojacking should not be ignored as it is still attracting attackers with low entry barriers, minimal overhead and guaranteed anonymity.

At the same time, ransomware also shows a decline in overall attack activity and in profit. The number of infections by ransomware fell 20% last year, down for the first time since 2013. However, in 2018, the number of ransomware attacks against enterprises has risen by 12%, showing a contradiction to the overall downturn, which is a constant threat to them. In fact, more than eight out of ten ransomware infections are affecting the enterprises.

Furthermore, the ransomware is evolving. Ransomware is mainly targeting enterprises through e-mail with office files. The reason why enterprises are targeted is that they typically use Windows, do not back up important files well, and there will be a lot of profit when the attack succeeds. The certain ransomware families, such as a wanted SamSam, usually attack with a lot of ‘PowerShell’ scripts and mainly target medical institutions and local governments. In 2018, they already attacked at least 67 agencies, and the amount of extortion is estimated to reach $6 million.

According to the latest annual report of the IBM X-Force security research, the number of cryptojacking is more than double that of ransomware, as the ransomware attacks were greatly reduced last year. While the attempts to install ransomware on devices in the fourth quarter of last year were declined 45% from the first quarter, the increasing rate of cryptojacking attacks grew to 450%. The industries that received the most cyber-attacks include finance (19%), transportation (13%), service (12%), distribution (11%), and manufacturing (10%).

▲ Cryptojacking is on the decline, but it cannot be ignored.

As cryptojacking and ransomware are slowing down, a new form of crime has emerged among cybercriminals, which is ‘Formjacking’. Formjacking is a virtual ATM skimming that steals financial and personal information of individual users through card information and credit card fraud on online purchasing sites. According to Symantec’s reports, on average, over 4,800 websites appear to be infected with formjacking codes every month. It is estimated that cybercriminals will make at least tens of millions of dollars in revenue in 2018 in underground markets such as ‘Dark Web’.

Information that was hijacked by formjacking is sold for up to $45 for one credit card. In the case of British Air, where more than 380,000 pieces of credit card information were leaked, the offenders are expected to earn more than $17 million. Individual users cannot know whether visited online sites are infected without using a security solution, so their risk of identity theft and personal and financial information are likely to be exposed. For companies, the risk of attacking the supply chain as well as the risk of reputation or legal liability experienced during infection is increasing. Formjacking, which is continuously on the rise, is expected to continue in 2019 and beyond.

Cybercriminals are constantly intellectualizing and diversifying their methods of attack. Cryptojacking, which has been crammed with cryptocurrency, but the attack rate has fallen by 52% when the value and attack effect have fallen, and also ransomware has an attack pattern concentrated on enterprises that suffer greater than individuals. Though the attack has diminished, cybercriminals have evolved to develop more intelligent techniques and to use various other methods, such as formjacking, to launch various attacks.

In addition, the number of formjacking has increased, making cybercrimes more likely to occur to ordinary users who are not related to cryptocurrency or enterprise computers. Even ordinary users who have been excluded from the target cannot easily know whether they have been infected after making a payment on their website. In the United States, the structure of online shopping is easy and fast based on JavaScript, making it easy for cybercriminals to do formjacking. Korea seems to be relatively safe because it has a different payment method and does not use JavaScript, but it has to be noted that recently cases of overseas direct purchase have increased and damage cases are increasing rapidly as well.

As the attacking method is becoming more intelligent and diverse, users are advised to recognize and prevent the danger. In addition to the aforementioned cryptojacking, ransomware and formjacking, in 2019, security will be important in various aspects such as clouds, 5G and IoT devices. Users need to avoid crybercrimes as intelligent as the cyberciminals through improving their security awareness and getting more comprehensive training on threat limitations and corrective actions.

▲ Formjacking is emerging as a new information extortion method.


Copyright ⓒ Acrofan All Right Reserved


Company Name : ACROFAN
Founded : October 1, 2006
Ownership : Jae-Yong Ryu, Founder.
Headquarters : 1407Ho, Yangpyeongro 12gagil 14, Yeongdeungpo District, Seoul, Republic of Korea(South Korea). Postal Code 07222.
Contact Us : guide@acrofan.com
Contents API : RSS
Copyright(c) ACROFAN All Right Reserved