UK Cybercrime Authority Lists “Cryptojacking” As Serious Threat
A British government agency has acknowledged the rise of “cryptojacking,” and has released a report which listed the issue amongst other major threats to UK’s internet ecosystem.
The report, published by U.K.’s National Cyber Security Centre (NCSC) on April 10, highlighted cryptojacking as a “significant concern.” Other compromised identified trends were; IoT, data breaches, and legislation, supply-chain compromises, “worms,” and cloud security.
In the past few years, hackers have turned to cryptojacking as a means of revenue. Using this sophisticated procedure, hackers can mine cryptocurrencies by using a victim’s computing power without their knowledge.
Gradually, as the world shows an increased interest in cryptocurrencies, the NCSC believes this technique would gain further popularity.
Rogue Websites Listed
The report mentioned several websites that exploited user computers and mined cryptocurrencies, while adding that 55 percent of global businesses were victims of cryptojacking attacks in December 2017.
Hackers showed no sympathy for the disabled either. As per the report, plugins meant for visually impaired users were compromised and used in over 4,000 websites.
“Cyber attacks haven’t declined in 2018. The only way users may notice their devices are being cryptojacked is a slight slowdown in performance,” adds the report.
Rogue Miners Turning Sophisticated
Acknowledging that hackers evolve with the trends and continually create new methods to inject computers, the report adds:
“The technique of delivering cryptocurrency miners through malware has been used for several years, but it is likely in 2018-19 that one of the main threats will be a newer technique of mining cryptocurrency which exploits visitors to a website.”
While we might assume that only hackers carry out such attacks, UK’s cybersecurity team thinks otherwise. They believe that some (unnamed) website owners could be involved in such activities, and use the processing power of visitors’ CPUs, without their knowledge or consent, to mine cryptocurrency for their own financial gain.
The report said, “We expect to see a continuation of cryptojacking and supply-chain attacks, and an increasingly diverse range of ransomware variants.”
Malware attacks are already on the rise. In February 2018, a staggering 500,000 attempts of a cryptocurrency mining malware were blocked by Microsoft’s Windows Defender Antivirus.
Internet Users Advised to Stay Cautious
In the wake of widespread cryptojacking, the report has advised users to implement usage of anti-virus programs and ad-blockers, including those which detect illicit browser mining plugins, to stay safe against future hacker attacks.
Donald Toon, director of the National Crime Agency, said: “Organizations which don’t take cybersecurity extremely seriously in the next year are risking serious financial and reputational consequences.”
Website Trials ‘Permissioned’ Crypto Mining
Salon, a political website based in the USA, carried out a unique trial in February 2018. As per the government report, the site gave an “option” to users implementing ad-blockers to either disable the software or allow the site to mine cryptocurrencies using their computing power. In case a user selected the latter, the site would mine XMR, ironically using a Coinhive plugin.
The full report can be found here.