There is a new type of malware in town to rival ransomware, and this time it is linked to the explosion in crypto-currencies such as Bitcoin. Crypto-currencies are based on transaction verification, and so-called crypto-mining provides 24/7 accounting for these currencies, for which miners receive a small fee.
Anyone can engage in this activity, but making real money from crypto-mining requires vast amounts of processing power. Some miners now appear to have started to tap into other people’s networks to borrow their processing capacity in order to do this. It is a bit like cannabis farms tapping into the next-door neighbour’s electricity supply to keep their plants warm.
More than 5,000 websites have been flooded by the malware. Software known as Coinhive, which quietly uses the processing power of a user’s device to mine open source crypto-currency Monero, appears to have been injected into the compromised BrowseAloud plugin.
The crypto-jacking script was inserted into website code through BrowseAloud, a popular plugin that helps blind and partially-sighted people access the web. The National Cyber Security Centre has confirmed the issue is being investigated.
This activity could be more than just a nuisance to the affected companies: it has the potential to seriously affect their business operations and, in extreme cases, leave them unable to operate for days.
Crypto-jacking malware attacks involve extremely high CPU processing and network bandwidth consumption, which can threaten the stability and availability of the physical processes of a network. The malware can also disable security tools and continue to operate in the background, unnoticed for some time, and it can infect website users and spread the virus to their systems.
But there are some signs that you are being crypto-jacked. Users who have been hit often complain of a slower internet connection and slower processing speeds due to the mining process using up to 85% of their CPU capacity. It can also drain a computer’s battery much faster than normal.
Behaviour monitoring tools, such as ThreatSpike, would also pick up on unusual network activity, such as unexpected HTTP communication attempts with suspicious IP addresses.
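The two signs described above, sustained high CPU use and unexpected outbound HTTP requests, can be correlated per host. The following Python is an added example, not taken from the original article or from ThreatSpike; the host names, destinations, allowlist, log layout and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (host, minute, cpu_percent) readings.
CPU_SAMPLES = (
    [("ws-01", m, c) for m, c in enumerate([84, 85, 83, 85, 84, 85])]    # steady load
    + [("ws-02", m, c) for m, c in enumerate([20, 90, 22, 19, 21, 20])]  # single spike
    + [("ws-03", m, c) for m, c in enumerate([82, 88, 86, 90, 87, 85])]  # steady load
)
# Constructed proxy log, assumed layout: "<minute> <host> <method> <destination>".
PROXY_LOG = """\
0 ws-01 GET intranet.example
1 ws-01 POST pool.invalid
3 ws-01 POST pool.invalid
2 ws-02 GET cdn.invalid
1 ws-03 GET intranet.example
4 ws-03 GET mail.example
"""
ALLOWED = {"intranet.example", "mail.example"}  # assumed allowlist of expected destinations
CPU_THRESHOLD = 80.0  # assumed; the article cites miners using up to 85% of CPU
MIN_RUN = 5           # assumed number of consecutive high samples that counts as sustained

def sustained_high_cpu(samples, threshold=CPU_THRESHOLD, min_run=MIN_RUN):
    """Hosts whose CPU stayed at or above threshold for min_run consecutive samples."""
    runs, flagged = defaultdict(int), set()
    for host, _minute, cpu in sorted(samples, key=lambda s: (s[0], s[1])):
        runs[host] = runs[host] + 1 if cpu >= threshold else 0  # a dip resets the run
        if runs[host] >= min_run:
            flagged.add(host)
    return flagged

def unexpected_destinations(log_text, allowed=ALLOWED):
    """Map each host to the destinations it contacted that are not on the allowlist."""
    hits = defaultdict(set)
    for line in log_text.strip().splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at their fields
        _minute, host, _method, dest = parts
        if dest not in allowed:
            hits[host].add(dest)
    return hits

def cryptojacking_suspects(samples, log_text, allowed=ALLOWED):
    """Hosts showing both signs: sustained high CPU and unexpected destinations."""
    busy = sustained_high_cpu(samples)
    odd = unexpected_destinations(log_text, allowed)
    return {host: sorted(odd[host]) for host in sorted(busy) if host in odd}

if __name__ == "__main__":
    print(cryptojacking_suspects(CPU_SAMPLES, PROXY_LOG))
```

Requiring both signs keeps a legitimately busy machine (ws-03) and a one-off request to an unlisted host (ws-02) out of the result, leaving only ws-01 for follow-up.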
If you are worried about this new threat and want to get a free analysis of whether you are at risk, please get in touch and we can help to find a solution for your network.
Head of Cyber Security