Story image

Kiwis 'paying for someone else's profit' as 2018 becomes the year of cryptomining

27 Mar 18

Cryptomining might just be one of the biggest trends in cybercrime this year, and New Zealand is not immune from its reach.

Symantec’s latest Internet Security Threat Report Volume 23 (ISTR) says that cryptomining is now another tool in criminals’ toolkits that can bring highly profitable new revenue streams as the ransomware market becomes too crowded.

“New Zealand is an affluent nation with high levels of connectivity, this makes Kiwis a lucrative, and accessible target for cybercriminals,” comments Symantec’s technology strategist, Pacific Region, Mark Shaw.

On a global scale, New Zealand ranks 29th as a target for cryptomining tools. Those tools take over mobile device resource and CPU usage to mine cryptocurrency, often without the user’s or website owner’s knowledge. The excessive memory usage results in sluggish devices, and sometimes damages those devices.

Globally, cryptomining attacks increased 8500% in 2017.

“Cryptomining while new, is becoming increasingly pervasive with the rise of cryptocurrency,” Shaw says.

 “Approaches to malicious cryptomining are growing in sophistication and so too should organisations, and everyday Kiwis, defense against these malicious programmes – or people and businesses risk paying for someone else’s profit.”

The report notes that cryptomining is not illegal, however. Some people may see it as a welcome alternative to viewing ads or paying for content in other ways.

“The problems arise when people aren’t aware their computers are being used to mine cryptocurrency, or if cyber criminals surreptitiously install miners on victims’ computers or Internet of Things (IoT) devices without their knowledge,” the report explains.

The global ransomware market is going through what Symantec calls ‘market correction’. Last year the average ransom was $522, less than half the average in 2016. The number of new ransomware variants increased 46%, new ransomware families dropped. This, the report says, suggests that criminals are shifting their focus away from ransomware for newer, higher-value targets.

New Zealand is ranked 56th globally and 9th in Asia Pacific for the number of ransomware attacks, accounting for 0.1% of all attacks.

The country is most affected by spam email, which accounted for 51.8% of all email attacks. The global average is 54.6%.

The most common keywords used in spam emails include standard words like delivery, mail and message; however words including ‘failed’, ‘invoices’, ‘images’ and ‘scanned’ also appeared on the top 10.

Globally, the overall phishing rate dropped from one in every 2596 emails in 2016 to one in 2995 in 2017. However Kiwis continue to fall for phishing scams.

“It’s wonderful that Kiwis trust one another, but on the internet we need to take a step back and remember that if it seems too good to be true, it probably is,” Shaw adds.

Shaw notes that the New Zealand Government has improved its cybersecurity posture since last year, including the launch of its cybersecurity portfolio and CERT NZ.

“Netsafe launched some good awareness campaigns like their Re:scam AI campaign too. While all these are good steps forward and help Kiwis understand the dangers of the web, we’re also seeing that Kiwis keep falling for the same scams,” he notes. 

The Symantec ISTR also looks at the state of malware, the supply chain, web threats, vulnerabilities, targeted attacks, mobile threats, the Internet of Things, fraud and the underground economy.

Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.