Report: Container Software Vulnerabilities On the Rise, Mining Malware Is Fading Away

Cryptocurrency ransomware, botnets and backdoors seem to have replaced cryptocurrency mining malware as the tool of choice for cybercriminals, according to a recent report from computer security firm Skybox Security.

In its report dubbed “2019 Vulnerability and Threat Trends: Mid-Year Update,” Skybox reviews software vulnerabilities and newly developed exploits, as well as malware and attacks, among other related issues.

Cloud services vulnerabilities are on the rise

When it comes to digital currencies, the report notes that in 2018, cryptocurrency mining malware was the most popular tool for cybercriminals. However, following the decline in cryptocurrency values, attackers reportedly turned to ransomware, botnets and backdoors. The latter tools increased by 10%, 8% and 18% respectively, between the first half of 2018 and the same period this year.

Skybox further points out the growth of vulnerabilities in various cloud services, especially container software. The report states:

“Vulnerabilities in container software have increased by 46% in the first half of 2019 compared to the same period in 2018. Looking at the two year trend of container vulnerabilities published in first halves, container vulnerabilities have increased by 240%.”

Containers, as explained by Google, “offer a logical packaging mechanism in which applications can be abstracted from the environment in which they actually run. [...] Containers allow you to package your application together with libraries and other dependencies, providing isolated environments for running your software services.”

The findings conclude that mobile applications were exploited more than any other category in the first half of 2019, with roughly 150 exploits or proof-of-concepts.

One positive development, Skybox notes, is that only a tenth of over 7,000 vulnerabilities published by mid-2019 were exploited in the wild. 

As a dedicated analysis by Cointelegraph published showed in June, throughout the past six months, seven crypto exchanges had reportedly seen large-scale hacking attacks to the tune of tens of millions of dollars.