UK National Cyber Security Centre Lists Cryptojacking As “Significant” Threat

  • The UK's National Cyber Security Centre revealed cryptojacking is a cause for concern, and that it may become a legitimate source of income for website owners.
  • Cryptojacking has been growing in popularity among cybercriminals, and may affect a growing number of people in the next few years.

According to a report published by the UK’s National Cyber Security Centre (NCSC) this week, cryptojacking will be categorised as a form of cybercrime in the UK, as it is now seen as a “significant” cybersecurity concern. Per the organization, it’s likely going to “become a regular source of income for website owners.”

Cryptojacking essentially sees cybercriminals use other people’s computer resources to mine cryptocurrencies. Often, criminals mine privacy-centric cryptocurrencies like Monero (XMR), both to avoid detection and maximize profits mining with CPUs.

In the NCSC's comprehensive report, activities like cryptojacking, the use of cryptocurrency within targeted cybercrime, and ransomware were added as cause for concern. Unlike conventional currencies, cryptocurrencies like Monero offer anonymity to their users, cutting off potential trails leading to the criminals’ arrest.

Cryptojacking On The Rise

According to the report, cryptojacking cases have been increasing in number since 2016. Research conducted in December 2017 showed that 55% of businesses across the world have been infiltrated by cybercriminals looking to use their systems to mine.

By 2018/19, it's believed that cryptojacking will expand and affect a fast-growing number of people and businesses across the world. The report goes on to demonstrate that there are already 600 websites operating in the UK using visitor CPU resources to mine cryptocurrencies. The document reads:

"The technique of delivering cryptocurrency miners through malware has been used for several years, but it is likely in 2018-19 that one of the main threats will be a newer technique of mining cryptocurrency which exploits visitors to a website."

NCSC report

The report further notes that when being cryptojacked, users may only notice a “slight slowdown in performance,” meaning some cases go undetected. Although most cases involve cybercriminals using people’s resources without their consent, some websites ask for user consent as an alternative to showing ads.

The NCSC, at the end of the report, advised users to protect themselves with ad blockers and anti-malware programs that block cryptojacking scripts. A few browsers, including Opera and Brave, have built-in tools that block cryptocurrency miners.

Cybercrime in the UK has increased over the past few years; from WannaCry to present, with a growing number of crimes taking place in the UK. According to the Office of National Statistics, the volume of cybercrime has risen by 63% compared to last year.

The monetary cost of the rising cybercrime attacks has provoked action; the cabinet office reported that, without countermeasures, cybercrime would cost British businesses and taxpayers up to £27 billion (~$38 billion) annually.

Bitcoin Cash Developer Liquidates Address of Attacker Who Exploited BCH Bug

Calin Culianu, a Bitcoin Cash developer who works on the Electron Cash wallet, has recently fired back against the hackers who exploited a bug in the Bitcoin Cash blockchain to get miners to find empty blocks right after its scheduled May 15 hard fork.

Speaking to CoinSpice, Culianu revealed that right after he saw the attack was occurring and that the BCH blockchain wasn’t processing transactions, he “panicked” and “thought it was the end of the world.”

Right after Bitcoin ABC developers deployed a patch that fixed the bug and things got back to normal, he claims to have realized it was possible to get back at the attackers. As such, he got together with other developers to collect information, and soon realized the attackers “didn’t use crypto keys to secure their funds.”

After digging through block explorers to figure out the attackers’ addresses, the developers claim to have been able to collect over 1.2 BCH (around $470) from the attackers in over 3,000 transactions. The funds, he claims, will be split with his “accomplices.”

To liquidate the attackers’ addresses, Culianu explained he remembers seeing they made “some funny transactions” to trigger the bug. After looking at data from these transactions, he told the news outlet some patterns “specify how to spend it.” Referring to these patterns, he said:

It’s Bitcoin Op Code, which lacks a signature … some garbage they used to attack the BCH network. Anyone can make one of those because it’s not cryptographically secure, and then redeem all their funds.

On Reddit, he bragged about his accomplishment, and received various tips from the cryptocurrency’s community for managing to get back at the attacker. Culianu noted that he believes there are other BCH wallets he didn’t get to without cryptographic keys guarding them, and estimates nearly 3 BCH ($1,200) are still up for grabs.