Over the past year we’ve seen immense growth in the popularity and value of cryptocurrency, with leading cryptocurrencies such as Bitcoin reaching market value highs of $25,000 AUD in December 2017 for a single coin, up from $1,200 AUD in January earlier that year.
This explosion in the value of cryptocurrency over the past year has exposed organisations and people to new cybersecurity threats posed by opportunistic cybercriminals looking to exploit coin mining for monetary gain. Even government agencies are susceptible to web-based cryptojacking attacks, with several Australian public service departments recently reported infected via a browser plug-in, which ran a mining script on visitors’ devices as they opened the web page.
‘Cryptojacking’ is the latest monetisation method in malware evolution, succeeding the likes of banking malware and ransomware. New insights from McAfee Labs reveal cryptocurrency mining malware grew a whopping 629 percent to 2.9 million samples in the first quarter of 2018 up from nearly 400,000 samples in the fourth quarter of 2017. This increase highlights how cryptojacking is quickly becoming a major threat in cyberspace.
An invisible threat
Cryptojacking is becoming popular amongst fraudsters because unlike a ransomware attack, which may only yield payments for a portion of the computers attacked, in cryptojacking, all 100 computers work for the attacker to mine cryptocurrencies.
Cryptojacking also does not require strong technical skills to perform. Cryptojackers use a computer – or any other connected device – to mine cryptocurrency, such as Bitcoin, without the individual’s knowledge via embedded scripts. If done right, it can be completely invisible to the user.
‘Malvertising’ – the act of injecting malicious cryptomining scripts in the form of advertisements into legitimate advertising networks – makes it especially difficult to identify cryptojacking risks as they can appear identical to their legitimate counterparts.
Compared to better-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler and less risky because there is little to no human interaction or intervention required for the attack to proceed. Removing the human element increases the chances of success, because it reduces unpredictability. Also, because the impact of cryptojacking attacks are not necessarily obvious or visible, victims are less likely to raise the alarm.
Getting ahead of cryptojackers: the answer goes far beyond anti-malware
Anti-malware solutions are a pre-requisite to fight cryptojacking, but they’re not enough. Anti-malware helps on the end-user side, certainly. On the organisational side, matters become more complex. It comes down to robust cyber hygiene, particularly when considering the infrastructure that serves web pages and applications.
As a first step, organisations need to patch systems and applications to reduce the potential attack surface within the organisation. In addition to anti-malware solutions, multi-factor authentication should be used to reduce the risk of administrative accounts being compromised. An exploited unpatched web server or hacked administrative account is a likely scenario for how an attacker would load the cryptojacking script into the code that serves up a web page for the end user, and as such it’s key this is mitigated at the outset.
If businesses want to keep up with the ever-evolving malware landscape and protect employees and the organisation against new threats such as cryptojacking, they need to take a collaborative and holistic approach to security. Business and IT leaders need to strike a balance between investing in the right security software and tools, implementing the right processes, and driving more awareness amongst key stakeholders and staff across the organisation to mitigate risk.