But, as with many new online platforms, there is also a downside starting to rear its ugly head. Illegal crypto-currency mining, known as crypto-jacking, has been highlighted by experts for years. However, malicious activity is really escalating, and its impact on organisations could reach well beyond impaired server performance.
The harsh reality is that companies that don't patrol their networks and throw out crypto-mining malware could find themselves exposed to a great deal more risk than higher energy bills.
Down the digital mine
Crypto-currency investing is nothing short of a 21st century gold rush. Worldwide, entrepreneurs, nation states and cybercrime gangs are looking to get rich quick by extracting more blockchain-based digital currencies like Bitcoin. The process of mining currency essentially involves large numbers of computers carrying out complex mathematical calculations to confirm digital transactions, which are then recorded on the public blockchain-based ledger. The computers are rewarded in small amounts of crypto-currency for carrying out these computations. Therefore, the more hashing power you have, the more transactions you can confirm and the more digital currency you receive.
With the value of crypto-currencies soaring in recent months, it's not hard to see why cyber-criminals have taken a great interest in this money spinner. By hijacking PCs, servers, mobile devices, IoT systems and more — a process known as crypto-jacking — they can create botnets of crypto-currency miners, all without the knowledge of the users or IT administrators. In many ways it's the perfect crime: unlike ransomware it requires zero interaction with the victim, and if the malware is discovered, the hacker need only find a few more endpoints to maintain their botnet at the same level of performance.
Some researchers have spotted botnets comprised of millions of infected machines. If one assumes each generates around $0.25 per day, these networks of compromised computers could earn their herders over $100m annually.
Is your business at risk?
Although consumer devices and machines are certainly being targeted, this trend is particularly bad news for enterprises. One vendor estimated that related malware affected over two-fifths (42%) of global organizations in February 2018. Another claimed that crypto-jacking attacks on organisations had increased six-fold in 2017, with manufacturing (29%), financial services (29%) and arts & entertainment (21%) firms hit hardest.
Organizations are being targeted more frequently, as their servers can provide much more compute power for digital mining malware, meaning fewer need to be compromised versus lower-powered home PCs to generate the same ROI for the hackers. The drain on resources can result in higher electricity bills and poor performance — which could impact productivity. Perhaps more importantly, there could be a link to more damaging cyber-attacks on your systems. One security vendor claimed that it detected nearly 4,000 Bitcoin miners in the first half of 2017, 20% of which triggered web and network-based attacks including cross-site scripting, SQL injection, ransomware and brute force password attacks.
Our intelligence revealed that malicious email campaigns are the primary means to gain a foothold on targeted systems. But it is by no means the only way for attackers to hijack your resources. Like ransomware, there are multiple threat vectors that organisations need to guard against.
Legitimate coin-mining services like Coinhive have been abused and injected into mobile games and websites. Because such software is not technically malware, it can sometimes be missed by traditional security filters. The threat has even been flagged by the National Cyber Security Centre in its latest report, which warns that it could dominate during the next two years. One security researcher spotted Coinhive running on 4,000 websites, including those of the Information Commissioner's Office, United States Courts, the General Medical Council, the UK's Student Loans Company, NHS Inform and many others. The black hats did this in a classic supply chain attack in which an upstream assistive technology provider was first hacked.
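The following is an added example, not part of the original article: a site owner's audit of the scripts a page loads, flagging third-party scripts that are not pinned with a Subresource Integrity `integrity` attribute (the exposure behind the upstream-provider compromise described above) and any script that references Coinhive. The host names, the single-entry indicator list and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: illustrative indicator list; the article names only Coinhive.
MINER_INDICATORS = ("coinhive",)

# Constructed sample page: first-party, pinned third-party, unpinned
# third-party, and an inline stand-in for an injected loader.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://assistive.example/plugin.js"></script>
<script>/* constructed stand-in for an injected Coinhive loader */</script>
</head></html>"""

class ScriptAuditor(HTMLParser):
    """Records one finding per <script> element on the page."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party_host, self.findings, self._inline = first_party_host, [], None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if src is None:          # inline script: buffer its body until </script>
            self._inline = []
            return
        host = urlparse(src).hostname or self.first_party_host
        third_party = host != self.first_party_host
        self.findings.append({
            "src": src, "third_party": third_party,
            # No integrity hash: the browser runs whatever that host serves.
            "unpinned": third_party and not attrs.get("integrity"),
            "miner": any(i in src.lower() for i in MINER_INDICATORS)})

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).lower()
            self.findings.append({"src": None, "third_party": False, "unpinned": False,
                                  "miner": any(i in body for i in MINER_INDICATORS)})
            self._inline = None

def audit_scripts(html, first_party_host):
    auditor = ScriptAuditor(first_party_host)
    auditor.feed(html)
    return auditor.findings
```

An unpinned third-party script is not itself malicious; it marks a dependency whose compromise would reach every visitor, so it is the entry to review first.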
Another potentially growing part of the attack surface lies with mobile endpoints like BYOD devices. One vendor claimed to have seen a 4,000% increase in Android crypto-miner detections from Q4 2017 to the first three months of this year. Poorly secured IoT devices also represent a large and lucrative source of computing power for digital cash-hungry criminals. Many are protected only by factory default passwords, and are left without firmware updates, leaving them hopelessly exposed.
So what can organisations do to mitigate the growing threat posed by crypto-jacking? As with most cybersecurity threats, there is no one single solution. The answer lies in combining tried-and-tested best practice techniques, layering up regular risk assessments and system updates with intrusion prevention and detection, app whitelisting and continuous network monitoring. It's crucially important to include any mobile devices and IoT endpoints in this: hackers will always look for the easiest targets, so a security strategy that ignores the most vulnerable devices is most at risk.
Combine these tech-centric approaches with a renewed focus on people and process, including educating employees in how to spot phishing attacks, and IT administrators in how to spot the warning signs of crypto-jacked systems. Crypto-jacking is going nowhere, as long as it remains financially lucrative for the hackers.
It's extremely important to incorporate this latest threat into your security strategy and be aware of the real dangers of crypto-jacking.