Finance Monthly

For much of 2017, tech news headlines were dominated by the wide-reaching and incredibly costly effects of ransomware. WannaCry and NotPetya infected thousands of computers, holding their data hostage and demanding that the user pay a significant sum for it to be returned to them. These attacks didn’t just affect general users, but businesses and national infrastructure as well, resulting in damage to reputations and a significant loss of capital due to downtime.

But in 2018 we find ourselves faced by a different kind of threat, one that arguably hides in plain sight: cryptojacking. Cryptojacking sees malicious actors run cryptocurrency-mining software in the background of a user’s computer without their permission or knowledge. This can have a serious financial impact on a company: the combined cost of electricity and lost productivity is enough to concern the financial teams in charge of budgets, and there is also the reputational damage associated with unknowingly aiding criminal activity.

Different Shades of Cryptojacking

These attacks generally come in two forms. Firstly, cryptojacking malware works in a similar way to other malware variants, oftentimes with hackers sneaking cryptocurrency miners into software (ranging from apps on a smartphone to videogames on the world’s largest PC gaming platform) which then run in the background on a computer. Cryptojacking malware can gain access to core systems through a variety of attack vectors, including out-of-date applications and operating systems, like Windows XP. In one instance of a cryptojacking malware attack, hackers created a botnet (an army of connected devices) of cryptominers, dubbed ‘Smominru’ by security researchers, which exploited over 520,000 machines – that's nearly as large as the Mirai botnet that nearly ‘broke the internet’ in 2016. This attack amassed nearly $2.3 million in the Monero cryptocurrency.

The second form of cryptojacking is far sneakier: ‘drive-by’ cryptojacking attacks can be performed on any device using a web browser. Simply put, these attacks happen when web pages infected with a so-called mining script are open on a user’s computer. The website will then, without the user’s knowledge or consent, mine for cryptocurrency using their PC. Attackers can then use the power of the user’s Central Processing Unit (CPU) to mine for currency – though the criminals lose access immediately when the user leaves the page. A recent, high-profile ‘drive-by’ attack saw 5,000 websites affected by the cryptojacking malware. The attack also infiltrated websites belonging to the UK Information Commissioner and several NHS and local council services.

The fact that cryptojacking lucratively operates “under the radar”, as well as crypto’s rise in popularity, has meant that the number of reported cases of cryptojacking rose by more than 600% in Q1, 2018. Cryptojacking is very hard to detect, particularly if criminals use currencies like Monero, which is famous for its level of privacy. Like other cryptocurrencies, Monero uses a public ledger, but the difference is that Monero’s is obfuscated to the point where no one can tell a transaction’s source, amount or destination. For these reasons, it is a popular choice for cybercriminals, including cryptojackers. ‘Drive-by’ attacks are easier to execute than other cyberattacks and, from a cybercriminal’s perspective, can have a higher ROI as they only have to hack one website in order to target all visiting devices. As of the 9th July, 2018, over 30,000 websites have been infected with malicious crypto mining scripts, including sites belonging to Tesla and Aviva. Finally, crypto-mining criminals aren’t relying on users or organisations choosing to transfer money in order to regain access to their data or systems as in the case of ransomware attacks; instead, they are able to mine for as long as the malicious script is running. Experts are even arguing that cryptojacking could soon overtake the use of ransomware because it is simple, more straightforward and less risky.

Running out of Energy: The Effects of Crypto-Mining

The effects of cryptojacking on a PC should be fairly noticeable. Mining for cryptocurrency runs complicated equations which are time and processor intensive. Tell-tale signs are if a device starts acting uncharacteristically sluggishly, or if its fans seem overactive. If the affected device is a laptop the battery will drain noticeably quicker. These symptoms can go undetected, however, particularly if devices are still operational and users don’t think to alert the IT help desk.

Some may argue that cryptojacking is thus just a minor nuisance and a largely victimless crime, but in fact the damage comes from just how energy intensive it is. While the immediate effects may not be as crippling as a large-scale ransomware attack, costs build up because cryptojacking can slow down systems and destroy technology, which are costly on their own but can also lead to downtime. Drains on electricity can also cause incredibly high bills, and are bad for the environment. The electric cost of cryptojacking (Coinhive in this case) on just one desktop computer was 1.212kWh of electricity over the space of 24 hours. According to the Energy Savings Trust, the average cost of electricity in the UK per kWh is 14.37p, so this would cost 17.42p per day, or £5.22 per month. For an organisation made up of hundreds (if not thousands) of computers, this could quickly become very expensive. In some cases, cryptojacking has also been known to completely destroy IT equipment due to the heavy and unrelenting strain that the hardware is put under by mining software. Organisations need to tackle cryptojacking head on in order to protect IT hardware and software, save on extra energy costs and ultimately retain business that may be lost due to downtime.

A Layered Defence against Cryptojackers

To prevent these attacks, organisations need to make sure that everything on their network is monitored and checked regularly, from PCs to websites. And when using third party tools, they should put protections into place and not link directly to source codes (the behind-the-scenes workings of what makes any computer program function) which aren’t their own. Businesses should also invest in resources for IT and security teams that give them a holistic view of what is going on in their environments, because they can’t protect or defend against threats they don’t know about. Finally, a layered approach to cybersecurity reduces attack surfaces, detects attacks that do get through, and helps cybersecurity professionals to take rapid action to contain malicious activity and software vulnerabilities. The financial outlay on a layered cybersecurity solution might seem costly, but finance teams in charge of investing in technology should see this as a critical insurance policy against cyberattacks that could completely cripple a business. Investment in cybersecurity is nothing compared to what cryptojacking could cost an unprotected organisation.
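One way to check a website for the direct third-party links described above, as an added example that is not part of the original article: the script below lists scripts loaded from other origins without a Subresource Integrity (SRI) hash, the browser mechanism that refuses a third-party script whose content no longer matches a vetted copy. The function names, hostnames and sample HTML are constructed for illustration.

```python
import base64, hashlib, re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SRI_RE = re.compile(r"^sha(256|384|512)-[A-Za-z0-9+/]+={0,2}$")

def sri_hash(content: bytes) -> str:
    """Integrity value to publish for a vetted copy of a script (sha384)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()

class _ScriptCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)

def audit_third_party_scripts(html: str, page_url: str) -> list:
    """Return (src, problem) for each cross-origin script that is not pinned."""
    page_host = urlparse(page_url).netloc.lower()
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src = urljoin(page_url, attrs["src"])
        if urlparse(src).netloc.lower() == page_host:
            continue  # first-party script served from our own origin
        integrity = (attrs.get("integrity") or "").strip()
        if not integrity:
            findings.append((src, "no integrity attribute"))
        elif not all(SRI_RE.match(tok) for tok in integrity.split()):
            findings.append((src, "malformed integrity value"))
        elif "crossorigin" not in attrs:
            # without CORS mode the browser cannot verify the hash and blocks the script
            findings.append((src, "integrity set without crossorigin"))
    return findings

# Constructed sample page: one first-party, one unpinned and one pinned script.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/a11y-widget.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="{h}" crossorigin="anonymous"></script>
</head></html>""".format(h=sri_hash(b"console.log('vetted');"))

if __name__ == "__main__":
    for src, problem in audit_third_party_scripts(SAMPLE_PAGE, "https://www.example.org/"):
        print(f"{src}: {problem}")
```
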

Users, including financial teams who are often targets of cyberattacks, can also do their bit to stop the spread of cryptojacking. It’s important not to download files from suspicious websites, or open attachments from email addresses you don’t recognise. Furthermore, users can protect themselves online through the use of browser plug-ins that block attempts from websites trying to hijack their PCs.

However necessary it may be to introduce precautions, what ultimately might end up being the cure for cryptojacking is cryptocurrency itself. At time of writing, Bitcoin has just experienced a crash of a little under $1,000 in just shy of 24 hours. This volatility – particularly if crypto continues its downward trend since Bitcoin peaked at $19,783.06 in December 2017 (it is currently at $6,431.70 less than 10 months later) – might put criminals off. If cryptojacking can no longer prove to be profitable because the investment in the tools required is not matched by the reward, then it may well be the markets that solve the cryptojacking issue.

While market volatility is out of the control of individual businesses, what is within their means is the ability to shore up their infrastructure. Hackers are at the cutting edge in their attempts to exploit any sort of flaw that exists in a system’s makeup and cryptojacking is currently the shiniest plaything in their toy box. The positive outlook however is that cryptojacking can be protected against with the right tools and mind-set. Out-of-date applications and operating systems are a favourite attack vector for bad guys, but they can easily be fixed. It is the responsibility of IT and Security teams, along with key decision makers who are in charge of purchasing, to stop them. By investing in cybersecurity technology, as well as training users, organisations defend against cryptominers trying to gain access to precious resources and can help to make cryptojacking a less attractive prospect for hackers.

Positive Technologies has announced its latest report from its own audits of web application security: Web Application Vulnerabilities in 2017. The results, collated through the security firm’s automated source code analysis through the PT Application Inspector, detected vulnerabilities in every single web application tested in 2017. Among the key findings, 94% of applications had at least one high-severity vulnerability, demonstrating that websites are a critical weakness for organizations.

Breaking down the detected vulnerabilities by severity level, most (65%) were of medium severity, with much of the remainder (27%) consisting of high-severity vulnerabilities.

Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies said: “Web applications practically have a target painted on their back. A large number of unfixed, exploitable vulnerabilities is a windfall for hackers, who can use these flaws to steal sensitive information or access an internal network. Fortunately, most vulnerabilities can be discovered long before an attack ever happens. The key is to analyze application source code.”

Financial services are at greatest risk

As expected by Positive Technologies experts, finance web applications (46% of all tested web applications) were at the greatest risk, with high-severity vulnerabilities found in 100% of tested banking and finance web applications.

In fact, web applications at banks and other financial institutions, as well as governments, draw the most attention from hackers, as confirmed in a series of Positive Technologies reports.

Denial of service is especially threatening for e-commerce web applications, because any downtime means missed business and lost customers. High-profile e-commerce web applications receive large amounts of daily visits, increasing the motivation for attackers to find vulnerabilities to turn against users.

Attacks targeting users are the most dangerous

Positive Technologies assessed the potential impact of every detected web application vulnerability and compiled a list of the most common security threats. The number-one threat is attacks that target web application users. Alarmingly, 87% of banking web applications and all government web applications tested by Positive Technologies were susceptible to attacks against users. Users of government web applications in particular tend to not be security-savvy, which makes them easy victims for attackers.

The most common vulnerability across the board was Cross-Site Scripting (affecting 82% of tested web applications), which allows attackers to perform phishing attacks against web application users or infect their computers with malware.

Other critical vulnerabilities also find their way into government web applications. For example, security assessment of a web application for a Russian local government revealed SQL Injection, a critical vulnerability that could allow attackers to obtain sensitive information from a database.

(Source: Positive Technologies)

In 2017 anti-phishing technologies detected over 246 million user attempts to visit different kinds of phishing pages. Of those, over 53% were attempts to visit a financial-related website – 6 percentage points higher compared to data from 2016. This is the first time since recording phishing attempts that figures have reached over 50%, according to analysis of the financial threat landscape by Kaspersky Lab.

Financial phishing attacks are fraudulent messages which link to copycat websites that appear legitimate. They aim to gain users’ credentials for banking and credit accounts, and data to access online banking or money transfer accounts – all for the purpose of stealing the victims’ money afterwards. With 53% of phishing attacks taking this form, more than every second attack across the world is looking to steal a victim’s money.

In 2017 the share of all financial phishing categories – attacks against banks, payment systems and e-shops – grew by 1.2, 4.3, and 0.8 percentage points respectively and made up the top 3 categories in overall phishing attacks detected – for the first time.

The distribution of different types of financial phishing detected by Kaspersky Lab in 2017

Moreover, attacks related to the global internet portal category – which includes global search engines, social networks, etc. – fell from the second place in 2016 to fourth position in 2017 with a decrease in share of more than 13 percentage points. This shows that criminals show less interest in stealing these types of accounts and are now focusing on accessing money directly.

The data also shows that Mac users are in increasing danger. Contrary to popular belief about the security of Mac devices, 31.38% of phishing attacks in 2016 against users of the platform were aimed at stealing financial data. The share peaked in 2017, reaching 55.6%.

“The increased focus of cyber criminals to conduct financial phishing attacks means users need to remain extra vigilant. To get to grips with our money, fraudsters are constantly looking for new methods and techniques to catch us out. We need to be just as much determined to not let them succeed, by constantly investing in cyber literacy,” said Nadezhda Demidova, lead web content analyst at Kaspersky Lab.

In order to protect themselves from phishing, Kaspersky Lab experts advise users to take the following measures:

(Source: Kaspersky Lab)
