Report reveals a slow quarter in cybercrime

In Singapore, a generally slow second quarter reflects an overall lull in cybercrime.

Reflecting global trends, Android ransomware detections in Singapore have gone down by 88.7% between Q2 and Q1, according to the quarterly Malwarebytes Labs Cybercrime Tactics and Techniques report. This could mean that ransomware actors are shifting their targets and changing strategies.

Meanwhile, both Spyware and Trojan detections have increased between Q2 and Q1, with jumps of 159% and 5.25% respectively.

There is also a huge spike in backdoor malware detections, with an alarming increase of 2270%. The spike seems to come out of nowhere. However, based on the CTNT report, it is due to a particular campaign spreading malware that the team refers to as Backdoor.Vools. The Vools backdoor malware has been primarily observed installing cryptocurrency miners on the affected system after it communicates with a command and control server.

The primary concern about Vools’ capabilities is not its mining component or even its use of ETERNALBLUE, but the additional threats that this malware can and will install on the system once cryptomining goes out of fashion. Based on plummeting cryptocurrency values over the last few months, that time is going to come sooner rather than later.

Cryptomining is plateauing

Based on the CTNT report, cryptomining detections are gradually plateauing. Ultimately, many criminals aren’t getting the return on investment from cryptomining that they were expecting. The cryptojacking craze will likely stabilize as it follows market trends in cryptocurrency; however, a massive spike or downturn in the currency market could quickly impact those numbers one way or the other!

Malware also goes back to school

Unfortunately, schools are often the first to see malware threats emerge because of the way users behave. Especially now, after the holiday break, many student devices are coming back to school full of malware from malicious sites that kids have been browsing in their own time during the summer. Data show that Adware and Hijacker have been some of the most common threats for students this quarter.

Jeff Hurmuses, Area Vice President and Managing Director, Asia Pacific, Malwarebytes, said: “Cybercriminals actively target sites where students commonly browse, and they are often legitimate sites. A common way to infect one of these sites is through the ads which get served up from a different, less secure source. As the cyber threat landscape evolves, there is a need for schools to understand cybercriminals’ methodologies and tactics, and replace outdated security systems to avoid becoming the latest victim of an attack.”