Criminals are turning computing power into money, and they could be using your systems to do it. Cryptojacking may sound more like a plot from a sci-fi novel than a crime, but it is in fact the big new cyber threat to businesses. And it could be happening right in front of your eyes...
Cryptojacking: what is it?
Cryptojacking is where computers are secretly used to ‘mine’ cryptocoins. Its booming popularity among criminals is the result of the explosion of cryptocurrencies, a form of electronic money. The best known is Bitcoin, but there are a host of others such as Ethereum, Monero, EOS and Litecoin.
Transactions carried out in cryptocurrency are verified using blockchain. An electronic database that is held and updated across a worldwide network of computers. In return for working out the complicated calculations to validate each of the blocks in the chain, the successful ‘miner’ will be rewarded with cryptocoins.
There is intense competition to become a successful miner. As individual PCs don’t have the necessary power, the combined processing muscle of many computers is harnessed into ‘nodes’ to do the required number crunching.
In the beginning, miners were computer enthusiasts who were happy to use their PC’s spare processing power in return for cryptocoins. But coin-mining has become a lucrative business due to the steep rise in the value of cryptocurrencies. In 2010, a Bitcoin was worth around four pence. Fast-forward to 2018 and its value is around £5,745 (peaking at $19,000 in December 2017).
A worldwide problem
In December 2017, more than eight million cryptojacking attacks, nearly a quarter of all cybercrime acts, were blocked by Symantec, the IT security firm, on its clients’ computers – a 34,000% rise on the start of the year.
The raw computing strength offered by company networks means businesses are now prime targets for cryptojacking. A report by the UK’s National Cyber Security Centre and National Crime Agency estimates that cryptocoin miners have already affected more than half of worldwide companies.
How is it done?
The most common ploy is to trick company employees into downloading coinmining malware onto their work computers through phishing emails. There was a six-fold increase in the number of cryptojacking attacks on company computer networks between January and August 2017, according to IBM.
The latest antivirus software can detect coinmining malware, but visitors to legitimate websites are also being targeted. A software has been developed that allows website owners to mine cryptocurrencies using readers’ computers who have actively chosen to block adverts on those sites.
This software is injected by hackers into a host of authentic sites and applications. It has been found in web browser extensions and open-source blogging software.
Earlier this year more than 4,000 websites (including 600 in the UK) were found to be secretly mining cryptocurrency through a compromised plug-in for blind and partially sighted people.
Browser-based cryptojacking is a potent threat. Even computer users with the most up-to-date security patches installed can fall victim by simply clicking on a compromised website. The fight is not lost though. Adblockers are fighting back, by updating their software to detect and block coinmining tools.
The threat can also come from within. There’s increasing evidence of inside jobs, where employees with the necessary computing knowledge and administrator access are turning their company’s computer networks into illegal coinmining operations.
An easy way to make (cyber) money
Cryptojacking is growing so fast it could eclipse the threat from ransomware. Illicit coinmining is a criminals’ dream: a low-risk, high-reward scam, which requires less computing knowhow than ransomware.
DIY cryptojacking kits are available cheaply on the dark web, the underworld internet. Once installed on a user’s computer it will quickly start to make money for criminals. These operations can make tens of thousands of pounds a month and can be left running until the victim discovers the problem.
Hiscox, have already paid cryptojacking claims. A PR company thought its email server had been tampered with, but a team of IT forensics experts discovered the company’s IT systems had instead been infected with cryptojacking malware.
Not a victimless crime
Although it might seem like a ‘victimless’ crime, in which nothing is taken. Cryptojacking can be a sinister threat. Often, once hackers have broken into a company’s system they aren’t content with just using its network to mine cryptocoins.
The IT forensic experts investigating the cryptojacking attack at the PR company also discovered that the hackers had riffled through its data. Potentially compromising personally identifiable information (PII) it held.
A company that has fallen victim to cryptojacking could also be vulnerable to email hijacking. Using malware that enables hackers to break into its email system it could be used to send fake emails tricking employees or clients into sending money to criminals’ bank accounts. This is a highly lucrative business estimated to have made criminals more than $5 billion between 2014 and 2017.
What businesses can do
The challenge for companies is to realise they are already at risk of cryptojacking. In fact, they may have already have fallen victim to it. As well as taking all the usual precautions, like ensuring employees use strong, frequently-changed passwords and regularly patching software, companies can also install server monitoring software. This can track processor, memory, network and disk usage to spot whether their servers are being put under unusually high strain, which can be a tell-tale sign of illicit coinmining.
Companies should also consider buying cyber insurance that is broad enough to cover the latest threats – because cryptojacking proves that, when it comes to internet threats, reality can sometimes be stranger than fiction.
Help protect your business against data breaches, viruses and other attacks from hackers. Hiscox can help minimise any loss and possible damage to your business and its reputation, IoD members receive 5% discount for the lifetime of their policies.
0800 280 0354
Find out more
What all SMEs need to know about cyber security
Tuesday 20 November, 9-10am
The webinar will provide an interactive platform for SMEs to gain a greater understanding of cyber security, as well as practical advice around how to defend against attacks, and deal with the aftermath of an attack in the short, medium & long-term
Register for free