We’re more than halfway into 2018 and Check Point Software has released its Cyber Attack Trends: 2018 Mid-Year Report.
Much like Kaspersky Lab’s research published last month, Check Point’s report found that drive-by cryptocurrency mining (in which a user’s hardware is hijacked to mine cryptocurrency via a browser) is the most popular form of cybercrime at the moment.
“Between January and June 2018, the number of organisations impacted by cryptomining malware doubled to 42%, compared to 20.5% in the second half of 2017,” says Check Point.
Cryptocurrency-mining malware is by far the most popular type of malware out there at the moment, with Check Point reporting that three of the most common malware variants seen in the first half of this year were cryptominers.
In addition, the number of attacks on cloud infrastructure is increasing, according to Check Point’s Maya Horowitz.
“We’ve also seen increasingly sophisticated attacks against cloud infrastructures and multi-platform environments emerging. These multi-vector, fast-moving, large-scale Gen V attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data,” says Horowitz.
Below, we’ve included a breakdown of the most popular malware seen in the first half of 2018, along with a brief explanation of what each one does.
You can also download the full report for free over on Check Point’s website.
Top Cryptominers H1 2018
- Coinhive (30%) – A cryptominer designed to perform online mining of the Monero cryptocurrency without the user’s approval when a user visits a web page. Coinhive only emerged in September 2017 but has hit 12% of organisations worldwide.
- JSEcoin (17%) – Web-based cryptominer designed to perform online mining of the Monero cryptocurrency without the user’s approval when a user visits a web page.
Top Ransomware During H1 2018
- Locky (40%) – Ransomware that spreads mainly via spam emails containing a downloader, disguised as a Word or Zip attachment, which then installs malware that encrypts the user’s files.
- WannaCry (35%) – Ransomware that was spread in a large-scale attack in May 2017, utilising a Windows SMB exploit called EternalBlue in order to propagate within and between networks.
- Globeimposter (8%) – Distributed by spam campaigns, malvertising and exploit kits. Upon encryption, the ransomware appends the .crypt extension to each encrypted file.
Top Mobile Malware During H1 2018
- Triada (51%) – A modular backdoor for Android which grants superuser privileges to downloaded malware, helping it become embedded in system processes. Triada has also been seen spoofing URLs loaded in the browser.
- Lokibot (19%) – A mobile banking Trojan which targets Android smartphones and turns into ransomware when the victim tries to remove its admin privileges.
- Hidad (10%) – Android malware which repackages legitimate apps and then releases them to a third-party store. It is able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.