
Cyber criminals are increasingly setting their sights on stealing cryptocurrency and the computing power to mine it, according to a new report from Seattle-based network security company WatchGuard Technologies. They're also reworking their email-delivery methods.
Using statistical data gathered from tens of thousands of customer devices designed to detect attempted malware and network attacks, the company reported that in Q1 of 2018 several types of cryptocurrency miners landed on its list of the 25 most common malware variants for the first time. WatchGuard Technologies said the crypto-mining malware will likely stay on that top-25 list in Q2 and may even move to the top 10 by the end of the quarter.
"Our Threat Lab team has uncovered multiple indicators that suggest malicious crypto miners are becoming a mainstay in cyber criminals' arsenals and will continue to grow more dominant in Q2,"
WatchGuard Technologies Chief Technology Officer Corey Nachreiner said. "While ransomware and other advanced threats are still a major concern, these new crypto-miner attacks illustrate that bad actors are constantly adjusting their tactics to find new ways to take advantage of their victims."
Much of the rising interest in cryptocurrency-related illegal activity was due to big moves in the price of bitcoin, as well as the launch of new cryptocurrencies, it said.
However, WatchGuard Technologies also found that overall malware volume dropped 21.7% between Q4 of 2017 and Q1 of 2018. Much of the change was due to the somewhat seasonal nature of the crime, though.
"The fourth quarter of the year is very busy from both a global and regional holiday perspective," the study explained. "Holidays and events such as Christmas, Thanksgiving, Halloween, Hanukkah, Black Friday, Cyber Monday, New Years, and more all fall on the last quarter of the year. These events make perfect targets for social engineers and criminals to attach their cyber-attack campaigns to, which is why we always expect Q4 malware to be higher than other quarters. You should expect this trend to continue during Q4 of 2018 as well, dropping again during Q1 2019."
But one change that wasn't seasonal was the shift in how criminals are using email to spread malware.
"Of the top threats from the quarter, 25% were detected as email attachments compared to 75% detected over web connections. This doesn't mean malware attacks launched from phishing emails on their way out, though. Instead, attackers are likely shifting from direct email attachments to using web links for malware delivery," it said.
The change in tactics was likely due to growing employee education about phishing and the dangers of clicking on attachments, WatchGuard Technologies said.
"To combat this awareness, attackers are being forced to adapt and better mask their delivery methods. Web links are much less conspicuous than actual attachments when attempting to trick a victim into falling for your trap," it warned.
In Q1, nearly half of all malware was able to slip past basic signature-based antivirus solutions due to various obfuscation methods that criminals had put in place, the company noted.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to asset-and-logo-licensing@alm.com. For more information visit Asset & Logo Licensing.