One Quarter Of Surveyed UK Businesses Suffered From Cryptojacking, Security Firm Says
Web mining is still a potential threat.
Up to a quarter of the UK’s small businesses may have been affected by crypto-jacking attacks, according to the British cyber security platform CybSafe. The figures were based on a survey of common cybersecurity threats for UK SMEs (Small-Medium Enterprises).
The findings showed that 25% of the 250 respondents had suffered from cryptojacking in the past twelve months. Cryptojacking is a relatively new way of exploiting infected computers, where malware forces the PC to mine cryptocurrencies.
This results in high processor usage, which significantly slows down normal activities and could lead to overheating on less efficient systems. A popular infection method is to send phishing emails with malicious links or attachments, which then install the mining software.
A simpler but less permanent method is web browser mining, which the company categorized together with OS-based miners. It is unclear whether the stated figure differentiates between voluntary or hidden browser mining.
The research did not dive deeper into the specifics of which coin was mined, but it’s unlikely to be Bitcoin. Even if they gained access to computers with high-performance GPUs, it would still take more than 50,000 of them to match the performance of a single top-of-the-line ASIC.
Monero has long been the coin of choice for web miners due to its CPU-friendliness, offering returns at least comparable in magnitude to GPUs which would make scaling on consumer hardware worthwhile.
CybSafe CEO, Oz Alashe, warns that cryptojacking is not taken seriously enough. “Although there are signs now that the cryptojacking threat has somewhat declined over the last few months, businesses shouldn’t be fooled,” he cautioned. “Coinhive may have been shut down, but organisations shouldn’t assume that the threat has therefore vanished. As long as there is cryptocurrency for the taking, criminals will be looking to steal it.”
CybSafe’s research also found cybersecurity measures were lacking in general, with only half of the companies conducting employee training, and as much as one quarter not using anti-virus software.