In direct correlation with the surge in fintech relevance, cybercrime trends indicate that attackers are transitioning away from ransomware to embrace the more reliable, highly profitable malware method of “cryptojacking.”
Since the beginning of 2018, there has been a marked increase in bad actors implanting malware that secretly commandeers enterprise resources to mine cryptocurrency, siphoning off computer processing power and causing other deleterious side effects on corporate IT infrastructure. Cryptojacking is clandestine and generally hard to detect. (Because who really reports the nuisance of their computer slowing down a bit?)
Crypto miner malware accounted for 32% of all malware types reported in the first two quarters of 2018, up from just 7% in the back half of 2017. Conversely, ransomware attacks fell sharply from 32% to just 8% in the same timeframe. These passive attacks have netted criminals millions of dollars in crypto tokens and coins and show no indication of slowing in the foreseeable future.
Cryptojacking attacks are not executed solely by some faceless external threat; malicious insiders may capitalize on their working knowledge of corporate resources to install mining operations that circumvent the detection methods in place. For example, an employee of a Russian e-payment firm used its payment terminals to mine 500,000 bitcoins, hijacking the company's hardware to mine crypto when the machines were not in use. Also, a European bank recently noticed processing time was running slowly during nighttime sessions, but diagnostic tools didn't detect the cause. It took a physical inspection of the data center to discover that a rogue employee had set up a hidden cryptomining system.
Takeaways: It is imperative for companies to recognize how disruptive and costly crypto miner malware can be.
Have a comprehensive IT security plan in place that includes cryptojacking
Actively monitor networks for suspicious activity
Cryptojacking scripts are often delivered through web ads, so install an ad-blocker extension on web browsers
Train employees on the threat of cryptojacking so they can be part of a detection solution
Perform ongoing background screenings of employees to mitigate the insider threat