What does cryptojacking mean?

05 April 2018

WHAT DOES IT MEAN?

One of the latest cyber security threats to emerge in recent months has been cryptojacking. Basically, it’s where cyber criminals hijack a computer or network and put it to work mining cryptocurrency like Bitcoin, which have soared in value over the past year.

Many crypto-currencies are created by mining, which usually requires large amounts of computing power to solve complex mathematical problems in order to verify digital transactions. In return, miners are rewarded in cryptocurrency.

Crypto-mining is legitimate, but cyber criminals are looking at ways to co-opt computers and networks to secretly mine crypto-currencies on their behalf. This can be achieved by adding crypto-mining code to a website, which then conscripts visitors’ computers into a crypto-mining army.

Last year, it was revealed that visitors using the free Wi-Fi at an Argentinian branch of Starbucks were exposed to JavaScript code called Coinhive which mines for cryptocurrency. One cyber security researcher estimated that as many as 50,000 websites have already been infected with cryptocurrency malware.

Crowdstrike recently warned of WannaMine, a crypto-mining worm that spreads by leveraging the EternalBlue exploit used in last year’s global ransomware attack. WannaMine is a file-less malware that spreads to Microsoft Windows computers and networks, hijacking their processing power to mine cryptocurrency.

WHY DOES IT MATTER?

Cyber-criminals see cryptojacking as an easy way to earn money, in addition to stealing data, ransomware and extortion. And with record valuations of crypto currencies, such attacks are becoming more attractive.

A recent report from security firm Malwarebytes suggests that crypto mining has gone mainstream and is now the top activity for cyber criminals. According to Symantec, UK cryptojacking attacks increased 1,200%, in a recent report which ranked the US top for cryptojacking.

Hackers recently broke into a cloud account owned by technology company Tesla and used it to “mine” cryptocurrency. It followed cryptojacking attacks against Starbucks, YouTube and a number of government websites. One attack brought down several UK government websites, including the Information Commissioner’s Office while a number of government websites in Australia and Canada were also hit by cryptojacking attacks.

cryptojacking attacks have also affected critical infrastructure. In what is believed to be the first attack of its kind, a European utility company found cryptojacking malware on its operating systems and industrial control systems.

cryptojacking attacks can result in business interruption losses for affected companies, as well as the first party costs of forensic IT services and potential reputational damage. However, cyber insurance would cover both first party and business interruption losses from such an attack, as well as provide access to breach response services.

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on cyber@jltgroup.com.