Over 40 percent of organisations were affected by cryptomining attacks in 2018, a marked increase of 20 percent in comparison to 2017.
This is according to new research published by Tel Aviv-based cyber security company Check Point, who found that despite the drop in value of cryptocurrencies such as bitcoin, cryptomining attacks are still popular with threat actors.
Maya Horowitz Director of Threat Intelligence & Research at Check Point wrote in the report that: “Unlike ransomware, cryptomining offers cyber criminals a much stealthier style of attack that can remain on an organization’s servers for months without being detected. During this time, and as long as it is undetected, its authors earn a steady stream of passive income.”
Cryptomining attacks occur when a hacker use the computational power of compromised computers to process cryptocurrency transactions and earn coins in compensations for the heavy calculations and energy used in the process.
“Whether it is using a user’s private computer, infecting a website with a cryptomining advertisement or harnessing the immense CPU power of an organization’s server, it does not take long for criminals to earn large amounts of their preferred digital currency,” Maya Horowitz states.
Cyptomining Does More Damage Than You Think
For an enterprise unaware that cryptomining is occurring within their servers untold damage could already have happened.
Mining cryptocurrency is an energy heavy task, a report last year by the Bank for International Settlements (BIS) found that: “The total electricity use of bitcoin mining equalled that of mid-sized economies such as Switzerland”.
If 20 percent of the servers in a datacentre were also running cryptomining malware their energy output would be significantly higher than normal.
This leads to a major issue for enterprises unaware of malware running on their systems, heat and the gradual degradation of hardware.
Last year Symantec had a booth at Black Hat Las Vegas where they cooked an egg on top of a router on which they had simulated a cryptomining attack. Brian Varner Special Projects Researcher at Symantec wrote at the time that: “It took about 10 minutes to get an egg to sizzle on top of a dangerously hot piece of hardware.”
“As attackers leverage infected systems for cryptojacking, they increase the stress put on servers and endpoints, including telephones, switches and routers.”
Unlike other malware such as ransomware or a denial of service attack, cryptomining can go unseen for a long time, continually doing damage to hardware and costing enterprises money in lost computational and electric power. Check Point has seen a marked increase in this form of attack so it is one for organisations to be wary of in the coming year.