Cryptojacking is the most common form of cyber attack threatening businesses and it could lead to much more costly attacks
When we think of cyber-attacks, we don’t tend to picture the quiet mining of cryptocurrency – but that’s exactly what’s involved in cryptojacking.
The 2017 WannaCry, Petya and NotPetya attacks unveiled just how formidable the reach of hackers has grown, but a cyber-attack doesn’t have to cause widespread damage to be deadly.
Cryptojacking – also known as a cryptomining attack – is the most common cyber threat to businesses and, unlike in the 2017 attacks, victims might not even realise they’re infected.
A 2018 report from Cyber Security company Webroot showed that cryptojacking had replaced ransomware as the most common cyber-attack.
According to security software company McAfee’s quarterly threat report, launched in December 2018, cryptojacking rose by 4,000% that year.
It’s a threat that insurers should be concerned about because it could open up businesses to further attacks.
What is cryptomining?
Cryptocurrency mining – or cryptomining – involves the solving of complex cryptographic puzzles.
Solving these puzzles adds a block of transaction data to the blockchain – a digital ledger which records all activity made using a cryptocurrency.
A network of miners using specialised software apply processing power towards completing this task, and are rewarded by a nominal amount of whichever coin they’re mining.
Democratising the mining process means that every transaction is checked against the rest of the ledger’s data on every single computer in the network, to ensure that results are identical on each.
In practice, this means that the blockchain is virtually impossible for a hacker to breach and corrupt.
The mining process requires large amounts of computational power, which is why it tends to be outsourced to a network of computers – but that’s also the reason some choose to steal processing power for the task.
What is cryptojacking?
Cryptojacking is the process of mining cryptocurrency using the processing power of another computer – without the owner’s knowledge or consent.
Specialised software purchasable on the dark web – a growing black market for malware – can infect single computers or entire networks, and run undetected as it quietly mines cryptocurrency.
According to cyber security expert Alan Calder, the founder and executive chairman of consultancy IT Governance, browser attacks are the most common form of cryptojacking.
He says: “Most cryptojacking activity isn’t able to take advantage of hardware with the capability of mining cryptocurrencies like bitcoin, which demand large amounts of computing power.
“What tends to be the choice of crypto criminals are currencies like Monero, because they can be mined on a normal desktop or workstation.
“This is most commonly done through a JavaScript download initiated on a browser, but a computer can also be infected through an email or embedded in another piece of software.”
Cryptojackers spread their malware across many devices
The excessive use of computing power that can be forced on a system through cryptojacking can leave it permanently damaged and result in significant electricity costs – but this outcome was more of a risk when cryptojackers required large volumes of computing power to mine Bitcoin.
Now Monero is the currency of choice, cryptojackers can spread their operations further, syphoning a small amount of processing power from a huge number of machines, rather than targeting a data centre with the capability of mining Bitcoin.
According to Mr Calder, this has resulted in cryptojackers casting their nets much wider when stealing power for their mining operations.
He says: “Data centres make sense if you can get into their CPUs and they have sufficiently advanced computing power, but most are relatively well protected.
“You need to identify one with the hardware you need, and then infiltrate it with your software, and that’s a lot harder than sending a phishing email with a JavaScript code to a large number of small and medium sized businesses.”
With the most common cryptojacking techniques not having highly detrimental effects on businesses, Mr Calder believes that the real threat lies in what further attacks could be conducted using the same vulnerabilities.
Vulnerabilities exploited by a cryptojacker could be a channel for more malicious malware.
Many businesses will simply put up with a power-leeching cryptojacker rather than becoming concerned about their vulnerabilities, according to Mr Calder.
He says: “Many companies with a cryptocurrency mining infection will think ‘they’re only using a little bit of my power and I can afford it’.
“The reason businesses should be focusing on identifying and removing cryptojackers is that if a criminal is able to get cryptojacking software into your system, it’s possible they can get other stuff in there.
“A criminal that runs cryptojacking software can perfect their phishing emails, and when they decide they aren’t earning enough from cryptojacking, they can try ransomware instead.
“This is why businesses must attack even the smallest weakness, because small weaknesses get exploited and turn into big weaknesses.”
Cyber insurance cover providers need to become better at assessing risk
The low-impact nature of cryptojacking means that it tends to go undetected, or where it is detected, very few smaller businesses have cyber insurance to cover them.
Neil Hare-Brown, founder and CEO of cyber insurance comparison website Cyber Decider, believes insurers aren’t doing enough to assess risk when writing cyber insurance.
He says: “The number of businesses in the UK of all sizes that have cyber insurance is still in single figures, in America it’s more like 40%.
“The main problem is that underwriters are just assessing risk by asking questions about things like patching, firewalls and anti-virus software.
“They should be asking if businesses have a proper cyber-risk strategy in place to address the poor technical security and user errors that are usually responsible for a cyber breach.”