Cybercrime ran rampant last year, and the cryptocurrency market was no exception, as evidenced by hacks involving bitcoin ransoms and the pervasive use of cryptojacking. Cryptojacking involves using someone’s CPUs to secretly mine cryptocurrency without that person’s permission. And according to a report by the UK’s National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) entitled The Cyber Threat to UK Business, “cryptojacking will likely become a regular source of revenue for website owners.”
The price for a cyberattack is high, both reputationally and financially. And while corporations are ramping up their cybersecurity defenses, the threat of a security breach has not abated. If anything it’s intensified with the rise of cloud technology where sensitive data is stored and also cryptocurrency mining, where cybercriminals in 2017 rode the wave of the rise in the cryptocurrency prices.
The report reveals that the perpetrators of cryptojacking are two-pronged, stemming both from hackers and website owners who “used the processing power of visitors’ CPUs to mine cryptocurrency for their own financial gain.” For example, earlier this year a US business decided it was okay to user its visitors’ CPUs to mine Monero if that visitor used an ad-blocker. The website, however, informed its visitors of the plan in order to “recoup lost ad revenue.”
Cryptojacking remains a security threat as long as the interest surrounding cryptocurrencies remains “strong,” the report suggests.
Cryptojacking via malware is not new to the scene and has been used by cybercriminals to secretly mine bitcoin or other digital coins for years. But for the 2018-2019 period, a “newer technique of mining cryptocurrency” has emerged that “exploits visitors to a website,” and this has become the key threat, the report indicates.
For instance, in February 2018 alone, thousands of websites globally and hundreds in the UK “secretly mined cryptocurrency through a compromised screen-reading plugin for blind and partially sighted people.” Meanwhile, in December 2017, when the bitcoin price reached its height and miners were generating profits hand over fist, more than half of businesses around the world “were impacted by cryptominers,” the report reveals.
The bad news is that the problem isn’t going away any time soon –
“Popular websites are likely to continue to be targets for compromise, serving cryptomining malware to visitors, and software is available that, when run in a webpage, uses the visiting computer’s spare computer processing power to mine the digital currency Monero.” — NCA report
But if you notice a slowdown in your computer’s performance or a sudden jump in usage, these are signals that your CPUs or GPUs may have been invaded by cryptojackers. The report suggests using an ad-blocker or antivirus software that’s designed to detect the nefarious cryptojacking activity.
Here’s an illustration of what victims of the WannaCry ransomware faced on their computers last year, with the hackers demanding a payment in “bitcoin only” to recover the lost files.
A South Korean web-hosting company paid the BTC ransom, which was worth USD 1 million. Meanwhile, DDoS attacks grew more pervasive in 2017, with the number of instances having risen more than 90% in September 2017 versus January of last year. As CCN previously reported, however, hackers are turned off by the volatility in the bitcoin because of the price instability and therefore shifted to fiat money-denominated ransoms instead.
Featured image from Shutterstock.