The cyber threat landscape can be a bemusing place for a business executive. A fast-moving, jargon-filled world of shadowy hackers, nation-state spies and bedroom-bound hacktivists, cyber is nonetheless a vital contributor to business risk. As such, whether you’re a global sourcing buyer or supplier, you must be able to understand where the online threats to your business lie, how they might impact risk, and how you can mitigate that risk.

The chances are you’re familiar by now with ransomware. Well, increasingly, the hackers are eschewing this money-making scheme in favour of another, far more insidious and covert strategy: mining crypto-currency using your own enterprise computing resources. It’s time to get familiar with a new trend in cybercrime: crypto-jacking.

Mining for money

Like every new cybercrime story, this one is based on a simple financial narrative. Unless they’re sponsored by nation states, or driven by notoriety or revenge, hackers will always go where the money is. And today there is a lot of it to be had from the burgeoning crypto-currency markets. The astronomical rise in value of digital currencies like Bitcoin, Monero, Ripple and Ethereum over the past year or so has led to a kind of modern-day gold rush, with technology at its heart.

There are various legitimate ways to make money from crypto-currencies — perhaps by investing in and trading Bitcoin, for example. One other way is to “mine” currencies. Crypto-mining is carried out today by computers which make complex calculations to ensure virtual transactions are entered onto the public blockchain-based ledger. In return for their efforts, the owners of these machines are rewarded with a small amount of virtual currency.

As the finite number of Bitcoins etc left to mine slowly reduces, these calculations get more difficult and require more and more electricity to power. It’s said that the energy used to power global Bitcoin mining efforts alone is equivalent to that of a small country: around 30 TWh per year.

Now this is where the hackers come in. They’ve found that by hijacking large numbers of consumer and business machines, they can tap the collective computing power to mine their own virtual coins. Mobile devices, PCs, Macs, servers, IoT endpoints: no internet-connected system is safe from this emerging crypto-jacking menace.

It’s claimed that crypto-jacking attacks soared by a staggering 8,500% in 2017. More recent stats have the number of malware detections in businesses increasing by a more modest 27% from Q4 2017 to Q1 2018. At NTT Security, we’ve also noticed a spike in activity in recent months. After collecting 12,000 samples of Monero mining malware dating back to March 2015, we discovered the vast majority (66%) dated from November and December 2017.

Firms under fire

With some security researchers claiming that hackers could make as much as $100m per year, it’s no surprise why this new trend has become so popular among the black hats. It’s much easier for them to run these botnets of compromised machines than it is to co-ordinate a ransomware campaign, for example, which requires interaction with the victim and the possibility of not being paid. With crypto-jacking, you simply infect a bunch of computers, sit back and let the money start flowing in.

The bad news, however, is that they’re increasingly likely to target business computer systems to assist in their covert mining activity, as there’s more computing power to hijack than consumer devices can offer. Crypto-mining malware affected 42% of organisations globally in February 2018, according to one vendor.

Contrary to popular belief, the potential impact on businesses extends beyond the costs associated with extra electricity usage. Crypto-jacking could also impair the performance of your systems, leading to wear and tear and potential downtime that could affect customer service and staff productivity. Infection could also be both indicative of deeper security problems in your networks and lead to additional cyber-attacks designed to spread ransomware, or harvest sensitive IP and customer data. One report claimed that of 4,000 Bitcoin mining detections spotted in 1H 2017, 20% triggered web and network-based attacks.

How to fight back

As long as there’s a financial incentive to do so, and corporate systems are exposed to attack, cyber-criminals will continue to target them with crypto-mining malware. So where are the key risks for global sourcing buyers and suppliers? NTT Security research indicates that malicious email campaigns are the primary means via which hackers are likely to access your systems. This can be difficult to defend against, as the tactic takes advantage of the credulity of your users to trick them into clicking on a malicious link or opening a malware-laden attachment. With Verizon claiming that 4% of users targeted by any given phishing campaign click through, improved security training is an essential complement to investments in security technology.

It’s not all about malicious email, however. The National Cyber Security Centre has warned in a new report that a new tactic could dominate over the coming year. “Popular websites are likely to continue to be targets for compromise, serving crypto-mining malware to visitors, and software is available that, when run in a webpage, uses the visiting computer's spare computer processing power to mine the digital currency Monero,” it claimed. Such an attack was spotted in February, with legitimate tool Coinhive found to be running on 4,000 websites including those of the Information Commissioner’s Office, United States Courts, and the General Medical Council.

So how can global sourcing stakeholders hope to mitigate this new cyber-risk? It will require a layered approach to security focused on people, process and technology and comprising best practices of the sort outlined by the NCSC. On the technology side this means investments in IDS/IPS, network monitoring, ad blocking, anti-malware and more. Combine this with regular risk assessments, user education and comprehensive patch management, and you’ll stand a good chance of success.

Cybersecurity is ultimately about making you a harder target. With crypto-jacking, the hackers are looking for the path of least resistance, so put enough barriers in the way and they’re likely to look for easier targets.

(Click here for the full NTT Security report...)

About the Author

Terrance DeJesus is a Threat Research Analyst at NTT Security.