Crypto-jacking is a new step in the evolution of malware monetisation. One of the first successful malware formulas was banking malware, where banking credentials were communicated back to cyber criminals. However, the conversion of credentials into cash is not an easy one.
Ransomware was another step which made the process simpler – victims would wire money directly. However, ransomware is losing its effectiveness as computer users start to be aware of the danger, and improve their security and backup procedures.
Crypto-jacking – the unauthorised use of someone else’s computer to mine cryptocurrency – has one main advantage over these two. If well designed, the mining process can run in the background without consuming all available resources.
In the best case, the user will be unaware that there is any extra processing going on. This makes it almost a "victimless crime" in the sense that the user may not be aware that there is a problem, as opposed to having a computer completely disabled, losing precious documents, or having money stolen from bank accounts.
The downside for the cyber-criminal is that he/she needs a lot of victims to gain enough resources to make any real profits. Ultimately, that will be the factor which decides whether we see it continue as an attack vector, or whether its popularity diminishes as new techniques are found, and the evolution continues.
So how should these newer forms of attack, which directly cost the affected company, influence a company's IT security practices?
Deciding on the right approach to cyber security is essentially a risk management process. Companies need to conduct detailed reviews covering the assets that may be at risk, the protection mechanisms in place, and the potential damage to the company should those assets be stolen or destroyed.
Assets may be information-based (files, credentials, databases) or, as more devices such as video cameras and physical security access systems become connected to the corporate network, they may also be physical property.
The damage to the company in the event of an attack may also be difficult to assess. Monetary losses, from paying the ransom, may be easy to determine; but what about loss of documents or related recovery costs? And most difficult, what about the cost due to reputational damage, and legal liabilities caused by loss of customer data?
Crypto-jacking losses are less tangible. Servers which are mining in the background will have limited resources for dealing with real work, and productivity will be affected. Customer experience can also be degraded on public-facing servers.
These losses, whilst difficult to value, can be significant, and it becomes more important than ever to put in place a complete security solution covering all parts of the customer network. This may include access to the cloud - not only covering protection against attack, but also continually monitoring security "health" to identify potential weak points.
Most importantly, there must be monitoring of the complete IT infrastructure, in order to identify any breaches, and deal with them before the real damage is done.
* Simon Bryden is a consulting system engineer at Fortinet. Views expressed are his own.