As the saying goes, the street finds its uses for things. That’s what we saw when crypto-mining started hitting web browsers and corporate web servers. It has become a significant issue for many businesses in the past 12 months.

Ever since blockchain and cryptocurrencies went mainstream — roughly in the first half of 2017, when the value of cryptocurrencies like Bitcoin soared — illicit cryptocurrency mining emerged in public. The problem then rapidly shifted in September 2017, when the legitimate Coinhive JavaScript miner was introduced, enabling Monero cryptocurrency mining directly within the browser. It was a capability that was quickly exploited by a cyber-crime campaign that drew millions of users to pages that then started to automatically mine for Monero under the guise of recouping server costs. Simple, effective — and attractive to criminals.

Risk and reward

Crypto-mining attacks grew rapidly. Everyone uses a web browser. Web browsers weren’t designed to resist this kind of attack. And web browsers themselves have got faster. This combination is exactly what is needed for crypto-mining because this intensive process of sealing new transactions into the cryptocurrency’s public ledger is what’s needed for blockchain technology to work.

Sealing a block of transactions is like solving a complex puzzle, and the ledger itself is a chain of sealed transaction blocks (hence ‘block-chain’). The first miner — person-and-machine — to complete this complex calculation is rewarded with some fresh coinage, which converts relatively easily these days to cold hard cash; with the rise in value of cryptocurrencies, rather a lot of it, too.

Criminals have never been shy of getting someone else to the hard work for them. Crypto-mining is just the latest example.

A wider threat

Some organisations may feel they have worse security problems to handle than crypto-mining attacks that just slow down a user’s browser. But the threat has evolved and mutated beyond that.

Crypto-mining has become more aggressive, and can seriously disrupt business by overloading systems to the point where they become unresponsive and shut down. But other variations have done the opposite — become more stealthy, and harder to detect. Criminals have bundled crypto-mining with other types of malware, including ransomware. They can then activate and monetise their attack at the time they choose.

Crypto-mining attacks in the UK

Citrix recently commissioned some UK-focused research into crypto-mining attacks: a couple of insights stand out. First, the research found that nearly a third of businesses had been hit by crypto-mining attacks in the 30 days prior to being surveyed.

Second, the study found that half of large UK businesses are now stockpiling cryptocurrencies themselves — often to provide a quick means of payment should they be subjected to a ransomware attack. Unfortunately, criminals realize this — and so now try to steal the cryptocurrency itself, too.

Have a plan

Businesses can’t prevent every possible attack.  But every business can — and should — have an effective plan to detect and recover from common attacks like crypto-mining and ransomware. This plan should include the centralising of data storage and management, so that customer data and valuable intellectual property is held securely, away from vulnerable devices and end-points.

Taking these steps will give cyber-attackers fewer opportunities to gain leverage and demand ransoms. And consider how much greater the cost may be, if an attack affects data privacy, and causes a compliance failure under the GDPR.

Still lacking a simple and effective plan? If this is on your to-do list: get it done. If it isn’t: put it at the top.

www.citrix.com/secure

Methodology

Citrix commissioned OnePoll to conduct an online survey of 750 IT security decision makers at companies across the UK with 250 or more employees from 3rd May to 14th May 2018.

This follows a previous online survey — commissioned by Citrix and carried out by OnePoll — of 500 IT decision makers at UK companies with 250+ employees between 19th and 26th January 2018.