Cryptojacking: what it is, and why it matters


Cryptojacking is one of the fastest-growing forms of cyber-crime. You might not know if you’re a victim.

Cryptojacking involves hijacking the processing power of someone else’s computer in order to create (or “mine”) cryptocurrencies, such as Bitcoin or Monero.

Hackers can do this by getting someone to click on a malicious link in an email, which then loads crypto mining code onto the computer. Or they infect a website or online advert with code that auto-executes once loaded in a person’s browser.


These methods are becoming increasingly common as the value of cryptocurrencies rises. Cryptojacking malware reportedly affected 42% of organisations worldwide in February. The number of samples of malware used by cryptojackers rose by 629% in the first three months of 2018, according to cyber security company McAfee.

The UK suffers the fourth-highest number of attacks of any country, according to cybersecurity firm Symantec Threat Intelligence.

Carmaker Tesla and insurer Aviva are among large companies that have fallen prey to cryptojacking. Victims do not have to pay an upfront fee to criminals, but they can experience slower computers and higher power bills, as the creation of cryptocurrencies is typically an energy-intensive process. In some cases, there may be some availability issues, causing costly downtime, especially to online businesses.

This could be more serious than it sounds.

Undetected threat

In February, the critical infrastructure security firm Radiflow announced that it had discovered cryptocurrency mining malware in the operational technology network (the network used for monitoring and control) of a water utility in Europe. Such a malware attack could cause industrial control applications to slow down, freeze and even crash – potentially degrading an operator’s ability to manage a plant.


Any company dependent on fast turnaround times – such as payment systems, retailers, telecoms companies – could be severely affected.

More generally, during the cryptojacking process, cyber criminals are establishing footholds within an organisation that could be used for other forms of cyber-attack, ranging from data exfiltration malware to keylogging malware.

McAfee predicts that cryptojacking may overtake the use of ransomware, where criminals infect a victim’s computer before asking them to pay a ransom for their data to be released. (An example from 2017 is the WannaCry ransomware, which attacked numerous businesses.)

Cryptojacking is cheaper, simpler and less risky for cyber criminals because it can raise funds undetected and does not rely on the victim to pay up. It doesn’t even require significant technical skills: cryptojacking kits are available on the dark web for as little as $30, according to a report by Digital Shadows.

Prevention

Insurance solutions in this space are currently limited. Insurers are working to provide a viable solution, but the emerging cryptocurrency market is a very volatile and unpredictable space, so underwriters are erring on the side of caution. As the cryptocurrency industry matures and possibly becomes regulated over the next few years, we could see insurance solutions for these losses emerge.

In the meantime, companies should employ the following steps:

• Incorporate the cryptojacking threat into your security awareness training – focusing on phishing-type attempts to load scripts onto users’ computers.

• Install an ad-blocking or anti-cryptomining extension on web browsers – this can be an effective means of stopping cryptojacking scripts since they are often delivered through web ads.

• Use endpoint protection/antivirus software that can detect known crypto miners.

• Keep your web filtering tools up to date – if you identify a web page that is delivering cryptojacking scripts, make sure your users are blocked from accessing it again.

• Maintain browser extensions – some attackers are using malicious browser extensions or poisoning legitimate extensions to execute crypto-mining scripts.

Detecting cryptojacking can be difficult, especially if only a few systems are compromised. Sometimes the first indication is an increase in helpdesk complaints about slow computer performance. Other signals include overheating systems.

For in-browser JavaScript attacks, the solution is simple: kill the browser tab running the script. IT should note the website URL that’s the source of the script and update the company’s web filters to block it. If an extension infected the browser, closing the tab won’t help. Update all the extensions and remove those not needed or that are infected.
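The triage described above can be partly automated. The following is an added example, not part of the original article: it flags hosts whose CPU stays high for a sustained period (rather than a short burst) and lists the domains those hosts requested during that window as candidates for review before they go into the web filter. The telemetry format, host names, domains and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed telemetry (not from the article): (minute, host, cpu_percent).
CPU_SAMPLES = [(m, "ws-014", 97 if 3 <= m <= 10 else 12) for m in range(12)]
CPU_SAMPLES += [(m, "ws-022", 95 if m in (4, 5) else 20) for m in range(12)]
# Constructed web-proxy log: (minute, host, url).
PROXY_LOG = [
    (1, "ws-014", "https://intranet.example.test/home"),
    (4, "ws-014", "https://ads.example.test/banner.js"),
    (5, "ws-022", "https://news.example.test/"),
    (9, "ws-014", "https://ads.example.test/frame.html"),
]

def sustained_high_cpu(samples, threshold=90, min_run=5):
    """Return {host: (start, end)} for hosts whose longest run of consecutive
    per-minute samples at or above `threshold` lasts at least `min_run` minutes."""
    by_host = defaultdict(list)
    for minute, host, cpu in samples:
        by_host[host].append((minute, cpu))
    flagged = {}
    for host, rows in by_host.items():
        best = run = None
        for minute, cpu in sorted(rows):
            if cpu < threshold:
                run = None  # load dropped, so the run is broken
                continue
            # Extend the run only if this sample directly follows the last one.
            run = (run[0], minute) if run and minute == run[1] + 1 else (minute, minute)
            if best is None or run[1] - run[0] > best[1] - best[0]:
                best = run
        if best and best[1] - best[0] + 1 >= min_run:
            flagged[host] = best
    return flagged

def filter_candidates(flagged, proxy_log):
    """Map each domain requested by a flagged host during its high-CPU window
    to the hosts that requested it. These are leads for review, not verdicts."""
    hits = defaultdict(set)
    for minute, host, url in proxy_log:
        window = flagged.get(host)
        if window and window[0] <= minute <= window[1]:
            hits[urlsplit(url).hostname].add(host)
    return {domain: sorted(hosts) for domain, hosts in hits.items()}

if __name__ == "__main__":
    flagged = sustained_high_cpu(CPU_SAMPLES)
    print("Sustained high CPU:", flagged)
    print("Domains to review:", filter_candidates(flagged, PROXY_LOG))
```

High CPU alone is only a signal, since legitimate workloads also produce it, so the output is a shortlist for an analyst rather than an automatic blocklist.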

As long as cryptocurrencies have value, criminals will use computers to steal them – and your systems could be a target.

For more information, please contact Peter Erceg on:

Peter.Erceg@uk.lockton.com

+44 (0)20 7933 2608