Cryptocurrency can be earned by a process called cryptomining. Cryptominers must first solve complex mathematical problems to validate transactions. To do this, they use software to create a very complex cryptographic puzzle that requires massive amounts of computing power.
But rather than use their own resources, cybercriminals infiltrate the networks of unsuspecting victims to leverage the victim’s computers for their own mining activities. Hackers then send the results back to servers they control. This often results in slowing or crashing of computer systems, equipment replacement costs, increased energy costs and lost productivity.
Cryptojackers use several methods of attack. These include:
- Phishing emails: The victim clicks on a malicious link or attachment. This runs code that injects a cryptomining script on the target computer. The script will continuously run, often undetected.
- Drive-by mining: The hacker injects a cryptojacking script on targeted websites or pop-up ads. When a victim visits that website or receives a pop-up from the infected ad, the script will run and infiltrate the network.
- Rogue employees: Insiders with access to IT infrastructure can set up cryptojacking systems, including physical servers, within the workplace premises.
Symantec provided additional insight into the threat in its annual Internet Security Threat Report. Symantec reported that it blocked 8 million cryptojacking attempts in January 2018, compared to 3.5 million in December 2018. While it appears the frequency of attacks is trending down, cryptojacking remains a credible threat to networks worldwide.
A combination of prevention and risk transfer provides an effective way to deal with the cryptojacking threat.
Several strategies can be deployed to help prevent a cryptojacking attack:
- Web filtering tools should be used to block websites that are known to spread cryptojacking scripts.
- A cryptojacking ad blocker can be installed to prevent infected ads from popping up.
- Endpoint detection technology can recognize known crypto miners as soon as they penetrate the network.
- Mobile device programs can manage vulnerable apps and malicious extensions that may be found on employee-owned devices.
- Employees must be educated to recognize phishing emails in security awareness training programs.
Transferring Cryptojacking Risk
Of course, there is no silver bullet that will prevent all cyberattacks. As a result, the commercial cyber insurance market has evolved along with cyber threats to facilitate options for cyberrisk transfer. These insurance policies can provide indemnification for both first-party direct costs and subsequent third-party liability costs in the aftermath of a cyberattack. While policy wording can differ among insurance companies, there are common coverages that are found in many policies. These may be especially helpful in transferring financial losses specific to a cryptojacking attack, including:
- Business interruption: The cumulative effect of the slowing of hundreds or thousands of computers in one organization can lead to significant cost over time. Components may fail prematurely due to overuse, and critical controls may be affected. The resulting downtime and restoration process may cause financial loss, which may be recovered under a cyber insurance policy.
- Network security liability: Companies may unknowingly transmit cryptomining code to other organizations, creating legal liability. Litigation costs and settlements may be covered under these policies.
- Crisis management: Hackers may change tactics after the initial cryptojacking attack. Once they have access to networks, they may move laterally and access sensitive information that they can monetize, such as Social Security numbers and financial records. Costs to retain external vendors to investigate and respond to the attack, including IT forensics firms, privacy attorneys, credit monitoring fees, notification and call center costs, may be covered.
- Increased costs due to fraudulent use of a victim’s vendor services, such as a cloud provider or internet-based services, may also be covered.
There’s no reason to believe that cryptojacking will disappear as a threat any time soon. Any effective strategy to foil the cryptojackers must reflect a variety of tactics including technology-based controls, employee training and insurance transfer mechanisms. It’s imperative that companies confront the threat of cryptojacking head-on; the potential for crippling damage is simply too great to do otherwise.
About the author
John Farley is an industry-recognized subject matter expert in cyberrisk management. He is also a frequent guest speaker and a published author with a 27-year track record in the insurance industry.
John leads Gallagher’s Cyber Liability practice, developing and executing insurance coverage across all lines in the U.S., and works closely with our teams across the world in our Global Cyber practice. He provides thought leadership on a variety of cyberrisk management best practices. He assists clients across all industries in navigating the dynamic cyber insurance markets as a means to cyberrisk transfer while providing guidance on emerging regulatory risk, cyberattack techniques, cyberrisk prevention and data breach cost mitigation strategies.