Kaspersky Lab found that cryptomining attacks in the Middle East, Turkey, and Africa quadrupled in 2018, jumping from 3.5 million incidents the previous year to 13 million, according to data the compa
Kaspersky Lab found that cryptomining attacks in the Middle East, Turkey, and Africa quadrupled in 2018, jumping from 3.5 million incidents the previous year to 13 million, according to data the company released December 14. The surge reflects a shift in tactics as cybercriminals expanded operations and diversified their methods.
Attackers conducted nearly 500,000 banking malware attacks in 2018, a 17% increase from the previous year. Kaspersky researchers also uncovered six new ATM malware strains during the same period, indicating that criminal groups had expanded their toolkit.
Criminals turned increasingly toward mining attacks as their preferred method, abandoning ransomware in the process. Mining required less visibility and generated steady income compared to ransomware, which immediately alerts victims. Fabio Assolini, a senior security researcher at Kaspersky Lab, said in a statement: "The META region is becoming more appealing to cybercriminals, with financial and malicious cryptomining attacks taking center stage. We discovered six new ATM malware families in 2018. On the other hand, illegal mining of cryptocurrencies has increased dramatically to overtake the main threat of the last few years: ransomware. We believe the reason behind this is that mining is silent and cause less impact that ransomware, making it less noticeable."
The global picture showed similar trends. Kaspersky detected an 83% increase in malicious cryptomining attacks worldwide during 2018. More than 5 million users encountered such attacks in the first nine months of the year, compared to 2.7 million over the same period in 2017.
Ransomware attacks declined as criminals switched strategies. Mining required far less risk of detection compared to ransomware, which immediately alerts victims when it locks their files and demands a ransom. Mining operates silently, consuming computational resources while the victim continues working unaware.
Attack volumes peaked in March, when Kaspersky recorded over 1.16 million mining incidents in a single month. Rates fell through the remaining quarters as public interest in cryptocurrencies declined and token prices dropped.
Botnet operators spread the malware through pirated software and unlicensed content. Victims installed the software without realizing they were compromising their systems, according to Kaspersky research. The data revealed a direct connection: regions where unlicensed software circulated more freely experienced more mining attacks.
Evgeny Lopatin, a security expert at Kaspersky, said: "Our analysis of the economic background of malicious cryptomining and the reasons for its widespread presence in certain regions revealed a clear correlation. The easier it is to distribute unlicensed software, the more incidents of malicious cryptominer activities were detected. In short, an activity not generally perceived as especially dangerous, the downloading and installation of dubious software, underpins what is arguably the biggest cyberthreat story of the year – malicious cryptomining."
Mining malware hijacks a device's processor and graphics card, consuming 70 to 80 percent of computational power without the owner's knowledge. Victims may not notice the infection for weeks or months, if at all, because mining runs silently without creating visible problems like system freezes or error messages.
The financial rewards make the threat attractive to criminals. A single mining botnet can generate more than $30,000 per month for its operators. Monero, a privacy-focused cryptocurrency, dominates the illegal mining market because of its anonymity, market value, and convertibility into other currencies.
Palo Alto Networks estimated that $175 million worth of Monero has been mined through these criminal operations, representing roughly 5 percent of all Monero currently in circulation.
