59% of Businesses in the UK Suffered Cryptojacking Attacks at Some Point, Survey Shows

  • A recent study found that 59% of businesses in the UK have ben hit with a cryptojakcing attack at some point.
  • These attacks see bad actors maliciously use their computer resources to mine cryptos.

According to research commissioned by Citrix and executed by OnePoll, 59% percent of large enterprises in the United Kingdom have been targeted with cryptojacking attacks.

The research, which was conducted in May 2018, focused on organizations that employed over 250 people. 750 key IT decision-makers from these companies were polled about the risks posed by cyberattacks from hackers looking to maliciously mine cryptocurrency.

The findings, made public this week, showed that 59% of respondents found crypto mining malware on their computer systems sometime in the past. The last 6 months saw up to 80% of the cases, with 30% of the businesses being attacked last month.

The study’s findings seem to be in line with a McAfee Labs report that stated cryptojacking malware cases had risen by 629% in the first quarter of 2018. On the other hand, 38% of the respondents revealed their companies have never been hit with a cryptojacking attack.

Understanding Cryptojacking

Cryptojacking refers to the use of someone else’s computer resources to maliciously mine cryptocurrencies without their knowledge. This can be done remotely by infecting the target’s devices with malware that uses its machine’s processing power to mine specific cryptocurrencies, often Monero (XMR) for its CPU-friendly mining algorithm.

Finding the attackers in cryptojacking cases is extremely difficult since the cryptos they mine are often untraceable privacy-centric coins like Monero. Since they’re using someone else’s machines, the attackers could be anywhere in the world.

The practice slows down computers for its heavy CPU resource usage. Businesses, including those completely unrelated to cryptocurrencies, have to pay attention to the practice. In some rare cases, computers were forced to overheat while mining.

How Businesses Tackle the Problem

Businesses need more than anti-malware software to tackle the cryptojacking threat, as the study’s findings revealed only 7% of cases were detected by anti-malware applications. Various respondents, 38%, detected the attacks through their network monitoring systems, while 34% did so through their co-workers.

According to the poll, while 21% of companies have no plans to combat crypto mining attacks, the majority, 67%, are aware of the threats posed by cryptojacking and have policies on it.

Various businesses detect cryptojacking attacks the same way they detect other cyber threats. Some, 41%, rely on network monitoring systems, while 24% rely on blocking crypto mining websites

Coinbase Says Recent Zero-Day Attack Targeted Staff, Not Investors

Neil Dennis

Coinbase sought to reassure investors on Thursday over concerns that customer accounts may have been targeted in an attack that exploited a recent Firefox zero-day.

The San Francisco-based cryptocurrency exchange said that the attack, discovered on Monday, had targeted Coinbase employees and that the exchange and its customers' accounts were untouched.

Software Vulnerabilities

A zero-day is a vulnerability in computer software that can remain unknown to those who provide and use that software for several days or weeks, yet - if discovered by hackers - can provide the opportunity to exploit that weakness for mischief or profit.

Coinbase's cyber security team, led by Philip Martin, discovered the zero-day vulnerability in Mozilla's Firefox software and reported it immediately to the web browser provider, which then issued a patch to rectify the fault.

However, the zero-day event may have lasted for weeks, according to Google engineer Samuel Gross who helped develop the patch. He reported on Twitter that he had reported a bug in Firefox to Mozilla in mid-April.

Coinbase Security on the Alert

While it remains unclear how soon attackers noticed the vulnerability and how extensively the bug was exploited, Coinbase detected the attack on its staff before the hackers could dig deeper into the back-end network from where they could have stolen funds from the exchange.

Philip Martin explained on Twitter that the security team "walked back" the entire attack and reported the zero-day to Firefox. He added the team was working with other organizations to "continue burning down attacker infrastructure and digging into the attacker involved".

He continued: "We’ve seen no evidence of exploitation targeting customers. We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted.

Martin concluded: "If you believe you have been impacted by this attack or you have more intel to share and want to collaborate with us on a response, please reach out to [email protected]"

Growing Problem

Zero-day attacks are on the increase. A 2018 survey by the Ponemon Institute called the State of Endpoint Security Risk report, said respondents reported that 37% of cyber attacks launched against their companies were zero-day events. This was a 48% increase from 2017.

Meanwhile, 63% of the survey's respondents said that the frequency of zero-day attacks had increased over the previous 12 months.