Move over 'ransomware attacks' – the next big threat in cyber space is 'cryptojacking'. ‘Cryptojacking’ essentially means compromising large pool of physical computers, cloud infrastructure and even legitimate websites to collectively mine cryptocurrencies on cyber criminals’ behalf. A new report by cyber security firm BitDefender says that huge number of corporate servers are being hijacked to mine cryptocurrencies, with their owners left with massive electricity bills.
According to Bitdefender, the number of reports on ‘crypto miners’ increased by 130 per cent between September 2017 and January 2018, making this type of attack more popular than last year’s ransomware. An earlier research done by Forrester had also noted that corporate servers, followed by employee-owned devices and corporate-owned devices, are the most-targeted devices for cryptocurrency mining.
Minting new cryptocurrency ‘coins’ is an energy-intensive process that involves complex mathematical operations. Today, most industrial-scale mining operations rely on specialised equipment that utilises ASICS – application-specific integrated circuits. The same process can also be carried out on standard server CPUs, although with much lower efficiency.
Corporate data centres with large pools of resources present the perfect target for cyberjacking, and since cyber criminals don’t pay for electricity, this approach is much more profitable than mining legally, using own hardware.
“Data centres usually allow organisations to scale their business by letting them optimise costs and computing resources based on their immediate requirements. However, if virtual infrastructures become compromised and cloud admins lose authentication credentials via searching attacks, social engineering, or unpatched security vulnerabilities, cybercriminals seize control,” says the BitDefender whitepaper.
From there, it is just a matter of spinning up powerful and resource-intensive rogue virtual instances that come pre-installed with cryptocurrency mining malware.
Since it may take several weeks – or until the bill comes in – to spot rogue virtual hosts, hackers would have already mined tens or hundreds of thousands worth of cryptocurrency while the affected organisation is left holding the power/services bill.