UK National Cyber Security Centre Lists Cryptojacking As “Significant” Threat

  • The UK's National Cyber Security Centre revealed cryptojacking is a cause for concern, and that it may become a legitimate source of income for website owners.
  • Cryptojacking has been growing in popularity among cybercriminals, and may affect a growing number of people in the next few years.

According to a report published by the UK’s National Cyber Security Centre (NCSC) this week, cryptojacking will be categorised as a form of cybercrime in the UK, as it is now seen as a “significant” cybersecurity concern. Per the organization, it’s likely going to “become a regular source of income for website owners.”

Cryptojacking essentially sees cybercriminals use other people’s computer resources to mine cryptocurrencies. Often, criminals mine privacy-centric cryptocurrencies like Monero (XMR), both to avoid detection and maximize profits mining with CPUs.

In the NCSC's comprehensive report, activities like cryptojacking, the use of cryptocurrency within targeted cybercrime, and ransomware were added as cause for concern. Unlike conventional currencies, cryptocurrencies like Monero offer anonymity to their users, cutting off potential trails leading to the criminals’ arrest.

Cryptojacking On The Rise

According to the report, cryptojacking cases have been increasing in number since 2016. Research conducted in December 2017 showed that 55% of businesses across the world have been infiltrated by cybercriminals looking to use their systems to mine.

By 2018/19, it's believed that cryptojacking will expand and affect a fast-growing number of people and businesses across the world. The report goes on to demonstrate that there are already 600 websites operating in the UK using visitor CPU resources to mine cryptocurrencies. The document reads:

"The technique of delivering cryptocurrency miners through malware has been used for several years, but it is likely in 2018-19 that one of the main threats will be a newer technique of mining cryptocurrency which exploits visitors to a website."

NCSC report

The report further notes that when being cryptojacked, users may only notice a “slight slowdown in performance,” meaning some cases go undetected. Although most cases involve cybercriminals using people’s resources without their consent, some websites ask for user consent as an alternative to showing ads.

The NCSC, at the end of the report, advised users to protect themselves with ad blockers and anti-malware programs that block cryptojacking scripts. A few browsers, including Opera and Brave, have built-in tools that block cryptocurrency miners.

Cybercrime in the UK has increased over the past few years; from WannaCry to present, with a growing number of crimes taking place in the UK. According to the Office of National Statistics, the volume of cybercrime has risen by 63% compared to last year.

The monetary cost of the rising cybercrime attacks has provoked action; the cabinet office reported that, without countermeasures, cybercrime would cost British businesses and taxpayers up to £27 billion (~$38 billion) annually.

JPMorgan Pays $2.5 Million for Overcharging Cryptocurrency Fees

JPMorgan Chase has reportedly agreed to pay $2.5 million to settle a class-action lawsuit filed against the financial institution in 2018, over it allegedly overcharging customers who were buying cryptocurrencies with Chase credit cards.

According to Reuters, JPMorgan Chase was overcharging users for buying cryptocurrencies as these transactions were being classified as cash advances. As part of the deal, JP Morgan did not admit to any wrongdoing to the 62,000 members of the class-action lawsuit, but a motion filed in Manhattan federal court reads the financial institution agreed to pay customers $2.5 million, noting it will see class members get “about 95% of the fees they said they were unlawfully charged.”

It adds:

.Chase has agreed to enter into this Agreement to avoid the further expense, inconvenience, and distraction of burdensome and protracted litigation, and to be completely free of any further claims that were asserted or could have been asserted in the Action.

One of the plaintiffs, Brady Tucker, reportedly claimed JPMorgan Chase violated the Truth in Lending Act since it did not inform its customers crypto purchases were being treated as cash advances. This saw them pay higher fees, which the bank then refused to refund and led to the class action lawsuit.

At the time the lawsuit was filed JPMorgan was seemingly hostile toward cryptocurrencies, with its CEO Jamie Dimon claiming bitcoin was a “fraud.” Since then, the bank has launched its own stablecoin called JPM Coin.

As CryptoGlobe reported, a report published by JPM late last month showed that using their “intrinsic value calculation,” developed by in-house analyst Nick Panigirtzoglou, bitcoin is correctly valued after the recent halving event.

Featured image by Drew Beamer on Unsplash.