View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 22, 2019

Cryptomining Attacks Hit 40 percent of Enterprises in 2018 Report Finds

"It does not take long for criminals to earn large amounts of their preferred digital currency"

By CBR Staff Writer

Over 40 percent of organisations were affected by cryptomining attacks in 2018, a marked increase of 20 percent in comparison to 2017.

This is according to new research published by Tel Aviv-based cyber security company Check Point, who found that despite the drop in value of cryptocurrencies such as bitcoin, cryptomining attacks are still popular with threat actors.

Maya Horowitz Director of Threat Intelligence & Research at Check Point wrote in the report that: “Unlike ransomware, cryptomining offers cyber criminals a much stealthier style of attack that can remain on an organization’s servers for months without being detected. During this time, and as long as it is undetected, its authors earn a steady stream of passive income.”

Cryptomining attacks occur when a hacker use the computational power of compromised computers to process cryptocurrency transactions and earn coins in compensations for the heavy calculations and energy used in the process.

“Whether it is using a user’s private computer, infecting a website with a cryptomining advertisement or harnessing the immense CPU power of an organization’s server, it does not take long for criminals to earn large amounts of their preferred digital currency,” Maya Horowitz states.

Cyptomining Does More Damage Than You Think

For an enterprise unaware that cryptomining is occurring within their servers untold damage could already have happened.

Mining cryptocurrency is an energy heavy task, a report last year by the Bank for International Settlements (BIS) found that: “The total electricity use of bitcoin mining equalled that of mid-sized economies such as Switzerland”.

Content from our partners
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Infosecurity Europe 2024: Rethink the power of infosecurity

If 20 percent of the servers in a datacentre were also running cryptomining malware their energy output would be significantly higher than normal.

This leads to a major issue for enterprises unaware of malware running on their systems, heat and the gradual degradation of hardware.

Last year Symantec had a booth at Black Hat Las Vegas where they cooked an egg on top of a router on which they had simulated a cryptomining attack. Brian Varner Special Projects Researcher at Symantec wrote at the time that: “It took about 10 minutes to get an egg to sizzle on top of a dangerously hot piece of hardware.”

“As attackers leverage infected systems for cryptojacking, they increase the stress put on servers and endpoints, including telephones, switches and routers.”

Unlike other malware such as ransomware or a denial of service attack, cryptomining can go unseen for a long time, continually doing damage to hardware and costing enterprises money in lost computational and electric power. Check Point has seen a marked increase in this form of attack so it is one for organisations to be wary of in the coming year.

See Also: BIS Bites Bitcoin: “Could Bring the Internet to a Halt”

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.