October 25, 2018
New Cyber Threat: Cryptojacking
by John Farley
Cyber criminals infiltrate corporate networks to leverage computers for cryptocurrency mining, often causing damage and creating liability.
It seems that with every advancement in technology a new threat vector is born. This theory holds true as we begin to embrace the world of cryptocurrency. Cryptocurrencies have emerged as an alternative means for financial transactions, and the value of a single Bitcoin rose to $20,000 in late 2017. Hackers took notice and succeeded in stealing over $1 billion in cryptocurrency in 2018 alone.
Unfortunately, the cyber threat goes beyond the theft of the currency itself. This new platform has given birth to a cyber crime known as cryptojacking.
Cryptocurrency can be earned by a process called cryptomining. Cryptominers must first solve complex mathematical problems to validate transactions. To do this, they use software to create a very complex cryptographic puzzle that requires massive amounts of computing power.
Rather than use their own resources, cyber criminals infiltrate the networks of unsuspecting victims to leverage the victim’s computers for their own mining activities. Hackers then send the results back to servers they control. This often results in slowing or crashing of computer systems, equipment replacement costs, increased energy costs and lost productivity.
There are several attack methods, including:
- Phishing emails: The victim clicks on a malicious link or attachment. This runs code that injects a cryptomining script on the target computer. The script will continuously run, often undetected.
- Drive-by mining: The hacker injects a cryptojacking script on targeted websites or pop-up ads. When a victim visits that website or receives a pop-up from the infected ad, the script will run and infiltrate the network.
- Rogue employees: Insiders with access to IT infrastructure can set up cryptojacking systems, including physical servers, within the workplace premises.
Preventing a Cryptojacking Attack
There are several strategies that may help prevent a cryptojacking attack:
- Web filtering tools should be used to block websites that are known to spread cryptojacking scripts.
- A cryptojacking ad blocker can be installed to prevent infected ads from popping up.
- Endpoint detection technology can recognize known crypto miners as soon as they penetrate the network.
- Mobile device programs can manage vulnerable apps and malicious extensions that may be found on employee-owned devices.
- Employees must be educated to recognize phishing emails in security awareness training programs.
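Because a cryptomining script runs continuously and slows the machines it lands on, a behavioural check can complement the recognition of known miners listed above. The following is an added example, not part of the original article: it scans per-process CPU telemetry for unbroken high-CPU runs. The telemetry format, thresholds, host names and process names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed tuning values for illustration; the article gives no thresholds.
CPU_THRESHOLD = 80.0          # percent CPU counted as "heavy"
MIN_SUSTAINED_SECONDS = 1800  # alert after 30 minutes of unbroken heavy use
SAMPLE_INTERVAL = 300         # one telemetry sample per process every 5 minutes

def sustained_cpu_alerts(samples, threshold=CPU_THRESHOLD,
                         min_seconds=MIN_SUSTAINED_SECONDS,
                         interval=SAMPLE_INTERVAL):
    """samples: iterable of (epoch_seconds, host, process, cpu_percent).
    Returns sorted (host, process, longest_run_seconds) for every process whose
    longest unbroken run at or above `threshold` lasts at least `min_seconds`."""
    series = defaultdict(list)
    for ts, host, proc, cpu in samples:
        series[(host, proc)].append((ts, cpu))
    alerts = []
    for (host, proc), points in series.items():
        points.sort()
        longest, run_start, prev_ts = 0, None, None
        for ts, cpu in points:
            # A missing sample (host asleep, agent stopped) ends the current run.
            gap = prev_ts is not None and ts - prev_ts > interval
            if cpu >= threshold:
                if run_start is None or gap:
                    run_start = ts
                longest = max(longest, ts - run_start + interval)
            else:
                run_start = None
            prev_ts = ts
        if longest >= min_seconds:
            alerts.append((host, proc, longest))
    return sorted(alerts)

def constructed_samples():
    """Constructed telemetry: one hour, 12 samples per process; all names invented."""
    rows = []
    for i in range(12):
        ts = 1_540_000_000 + i * SAMPLE_INTERVAL
        rows.append((ts, "ws-014", "helper.exe", 93.0))  # pinned for the whole hour
        rows.append((ts, "ws-014", "browser.exe", 95.0 if i in (2, 3) else 12.0))  # short burst
        rows.append((ts, "build-02", "compiler", 20.0 if i % 4 == 3 else 97.0))  # heavy, with breaks
    return rows

if __name__ == "__main__":
    for host, proc, seconds in sustained_cpu_alerts(constructed_samples()):
        print(f"{host}: {proc} held >= {CPU_THRESHOLD}% CPU for {seconds // 60} min")
```

An alert from this check is a lead for investigation, since legitimate workloads such as rendering or backups can also hold the CPU for long periods.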
Transferring Cryptojacking Risk
Many cyber security experts will agree that there is no silver bullet that will prevent all cyberattacks. As a result, the commercial cyber insurance market has evolved along with cyber threats to facilitate options for cyber risk transfer. These insurance policies can provide indemnification for both first-party direct costs and subsequent third-party liability costs in the aftermath of a cyberattack.
While policy wording can differ among insurance companies, there are common coverages that are found in many policies. These may be especially helpful in transferring financial losses specific to a cryptojacking attack, including:
- Business Interruption – The cumulative effect of the slowing of hundreds or thousands of computers in one organization can lead to significant cost over time. Components may fail prematurely due to overuse, and critical controls may be affected. The resulting downtime and restoration process may cause financial loss, which may be recovered under a cyber insurance policy.
- Network Security Liability – Companies may unknowingly transmit cryptomining code to other organizations, creating legal liability. Litigation costs and settlements may be covered under these policies.
- Crisis Management – Hackers may change tactics after the initial cryptojacking attack. Once they have access to networks, they may move laterally and access sensitive information that they can monetize, such as Social Security numbers and financial records. Costs to retain external vendors to investigate and respond to the attack, including IT forensics firms, privacy attorneys, credit monitoring fees, notification and call center costs, may be covered.
- Increased costs due to fraudulent use of a victim’s vendor services, such as a cloud provider or internet-based services, may also be a covered cost.
In light of the emerging threats posed by cryptojacking criminals, it is imperative that steps are taken to prevent, mitigate and transfer the risk. Technology-based controls, employee training and insurance risk transfer mechanisms should all be considered.