Safeonline Emerging Technology Risks: Cryptojacking

Introduction

In the past, ransomware has trumped other methods as the most popular form of cyber espionage. Over the past year, however, there has been a spike in criminals searching for new opportunities for revenue generation. Considering the astronomical rise in the value of cryptocurrency, it is unsurprising that they have identified coin-mining as a preferable method. This practice has been termed ‘cryptojacking’, and is likely to be contributing significantly to the reported 8,500% increase in detection of coin-miners (Symantec, 2018).

Cryptojacking is defined as ‘a form of cyber attack in which a hacker hijacks a target’s processing power to mine cryptocurrency on the hacker’s behalf.’

How does it work?

Cryptojacking is the unauthorised use of someone else’s computing power to mine cryptocurrency. Most commonly, it works in the same way as ransomware and is deployed when a victim clicks on a malicious link that loads crypto mining code onto the computer. Additionally, it can infect a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.

Due to the vast amount of electricity needed to mine cryptocurrency, the electricity costs often outweigh the remuneration from the coins gained. Cryptojacking (utilising the victim’s processing power) is therefore highly lucrative, offering a potential 100% pay-out ratio.

Once compromised, infected machines can immediately begin to mine cryptocurrency, regardless of the geographical location or processing power of the machine. Cryptojacking relies on the total computational power of the network of machines. It is therefore irrelevant if one machine has a slow processor, as it still contributes to the total power in some way. If the attackers set the mining malware to subtly take a portion of the victim’s processing power rather than completely draining the device, the attack can continue virtually undetected.

Multiple Infection Mechanisms

Attackers are constantly looking for new and creative ways to carry out coin mining attacks. Whether it be brute-force attacks, unpatched vulnerabilities, or compromised websites, criminals are finding techniques that can infect both clients and servers. Hackers have even found a way to tweak existing malware by adding a crypto mining feature to already infected devices.

It is important to note that one does not have to click on a malicious link for their device to become infected with crypto-mining software. In fact, it is quite the contrary. Criminals are now adopting techniques in which the code is injected into advertisements supplied by platforms such as AOL or Google. Once an infected webpage is visited, it does not matter if the browser is closed, as the malicious code can be hidden in a tiny ‘pop-under’ window behind the Windows taskbar.

Cloud Computing

At the most recent RSA Conference, in a session presented by the SANS Institute, both cloud storage data leakage and monetisation of compromised systems via crypto-miners were included in the top 5 most dangerous new attacks.

Due to insecure cloud computing networks, criminals can not only steal data but can also target vulnerabilities to mine cryptocurrency at the expense of the victim. This is an extremely lucrative method, as there is a concrete possibility that the attack will go undetected until the victim receives their next bill. A combination of these attack techniques has already hit some high-profile victims such as Tesla, whose public cloud vulnerabilities were exploited to mine cryptocurrency.

Statistics

Last November, Adguard reported a 31% growth rate for in-browser cryptojacking and found 33,000 websites running crypto mining scripts.

In February 2018, Bad Packets Report found 34,474 sites running Coinhive, the most popular JavaScript miner that is also used for legitimate crypto mining activity.

In July, Check Point Software Technologies reported that four of the top ten most deployed pieces of malware it had found were crypto miners, including the top two: Coinhive and Cryptoloot.

Cryptojacking attacks increased by 8,500% in 2017-2018 according to Symantec.

What can you do to reduce the risk?

Whilst awareness is the first step towards security, there are several policies that all businesses should enforce to reduce their risk.

  1. Incorporate the cryptojacking threat into security awareness training, focusing on phishing-type attempts to load scripts onto users’ computers.
  2. Install an ad-blocking or anti-crypto mining extension on web browsers.
  3. Keep web filtering tools up to date.
  4. Use a mobile device management solution to better control what is on the users’ devices.
  5. Deploy a network monitoring solution to analyse network data and detect cryptojacking and other specific threats.
  6. Monitor your own websites for crypto-mining code.
  7. Stay informed of the latest cryptojacking trends.
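
One way to carry out step 6 is to scan the HTML your site actually serves for script includes or inline calls belonging to the in-browser miners named above (Coinhive and Cryptoloot). The Python below is an added example, not code from Safeonline or any vendor; the function and class names are hypothetical, the indicator lists are illustrative rather than exhaustive, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative, non-exhaustive indicators for the two miners the article names (assumption).
MINER_HOSTS = ("coinhive.com", "coin-hive.com", "crypto-loot.com")
MINER_API_MARKERS = ("CoinHive.Anonymous", "CoinHive.User", "CryptoLoot.Anonymous")

def script_host(src):
    # Lowercased host of a script URL; '' for same-site relative paths.
    if src.startswith("//"):  # protocol-relative URL
        src = "https:" + src
    return (urlparse(src).hostname or "").lower()

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, indicator)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            host = script_host(dict(attrs).get("src") or "")
            for bad in MINER_HOSTS:
                if host == bad or host.endswith("." + bad):
                    self.findings.append((self.getpos()[0], "script-src", bad))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # only inspect script bodies, not visible page text
            for marker in MINER_API_MARKERS:
                if marker in data:
                    self.findings.append((self.getpos()[0], "inline-script", marker))

def audit_page(html):
    parser = ScriptAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample page: one legitimate script, one miner include, one inline miner call.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script></head></html>"""

if __name__ == "__main__":
    print(*audit_page(SAMPLE_PAGE), sep="\n")
```

Run it against pages fetched from the live site rather than the source repository, since injected code typically appears only in what is served. Obfuscated or self-hosted miners will not match a string list, so treat a clean result as one signal alongside the network monitoring in step 5.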

Insurance Solutions

The popularity of cryptocurrencies has unsurprisingly created a wealth of opportunities for cyber criminals; opportunities that can be detrimental to individuals and businesses alike. Cryptojacking attacks can result in significant business interruption losses, as well as the first party costs for forensic IT services and potential reputational damage. A comprehensive cyber insurance policy would cover both the first party and business interruption losses from such an attack. This includes any unauthorised use of the insured’s bandwidth, as well as the costs associated with access to an experienced breach response team, such as CyberScout.

If you would like to discuss this further, or get a comprehensive cyber insurance quote, please get in contact at cyber@safeonline.com
