Cryptomining drives up hacks by 8,600pc, says Symantec

Hackers have found an easy way to make money off your computing resources and power - cryptojacking. Here's what it's all about and how you can prevent it.
10 April 2018

Kevin Haley, director, Symantec Security Response. Source: Facebook

The cryptocurrency boom has not only driven up the value of bitcoins but also given another market a boost – cybercrime. More specifically, cryptojacking.

Also known as “in-browser coin mining”, cryptojacking runs in your browser undetected, while sharing your browser’s resources. These scripts slow down devices, overheat batteries, and could even render devices unusable.

Symantec’s Internet Security Threat Report shows that cryptojacking instances have increased by 8,500 percent in 2017. It has been a popular form of attack for many cybercriminals. Unlike traditional attacks where attackers have to download a malware on a victim’s computer, cryptojacking works by just adding one line of script to a website.

For businesses, this presents a major threat. Cloud users might face heftier bills if they pay based on CPU usage. “People need to expand their defenses or they will pay the price for someone else using their device,” said Kevin Haley, director, Symantec Security Response.

This affects corporate or organizational networks as well, taking up resources of servers or supercomputers essential to the day to day operations of a company. The attacks are not limited to any particular platform; instances have been detected on various platforms including Windows, Linux, IoT devices, mobile apps, and even Mac OS.

While cryptocurrency values remain high, cryptojacking will likely remain rampant while coin-miners cash in on the trend. Although blockchain is gradually finding purpose in other industries, Symantec believes cybercriminals will remain focused on coins and exchanges in the coming year.

The shift in focus also contributes to a decrease in ransomware attacks. Ransomware reached peak profitability in 2016, but the market soon became too crowded and ransom became overpriced. Although there has been a decrease in new variants of ransomware, Symantec emphasizes that it remains a threat, and ransomware attackers are still very productive.

Globally, the US remains the most vulnerable to threats, with over a quarter of threats detected globally being specifically directed at the US. That is followed by China and India, at close to 11 percent and 5 percent respectively.

The company also foresees the use of AI and ML in cyberattacks, although not many details are revealed on how the attacks will look like.

To counter against cyberattacks like these, Symantec advises companies to deploy threat intelligence. By catching indicators of compromise early, companies will be able to respond faster to incidents. For instances such as cryptojacking, Symantec suggests frequent monitoring for abnormal or suspicious behaviors in company resources and networks.