“Cryptojacking” is the latest cyber risk, experts warn

Malicious code can allow hackers to commandeer the processing power of affected computers to help mine for cryptocurrency

“Cryptojacking” is the latest cyber risk, experts warn

Cyber

By Lyle Adriano

Cybersecurity experts have discovered malicious code on several websites that allow third parties to break into affected computers and utilize their processing power to mine cryptocurrency.

Websites of major companies – including Canadian ones such as Loblaw Companies and Shoppers Drug Mart – were found to have JavaScript code left behind by so-called “cryptojackers” looking to employ site visitors’ computers as cryptocurrency farms.

Register for our exclusive CE webinar Cyber Insurance 101, and get covered on selling cyber.

“It basically just hogs your CPU,” University of British Columbia electrical and computer engineering department professor Konstantin Beznosov explained to The Canadian Press.

Computers that have been cryptojacked can become unresponsive or slow down considerably. It could also lead to higher energy consumption.

Search and compare product listings for Cyber Insurance from specialty market providers here

The malicious code has been observed in other websites that attract a lot of traffic, such as American politics fact-checking site Politifact and CBS Corporation’s Showtime and Showtime Anytime sites.

It was discovered that one of Shoppers Drug Mart webpages was being used to mine for the cryptocurrency Monero through Coinhive – a website that provides other sites a mining codes embed in exchange for a cut of the profits.

Daniel Tobok, CEO of cybersecurity firm Cytelligence, said that screenshots taken in September suggest that a third party tried to use the website to connect to a cryptocurrency miner.

Cryptojacking is extremely common, Tobok added.

Back in 2013, Kaspersky Lab’s products detected cryptojacking threats about 205,000 times. In the first eight months of 2013, Kaspersky’s software found 1.65 million users were attacked by mining codes.

Tobok explained that the malicious code can be tweaked such that every time an affected computer is used, the hackers will attempt to mine for more cryptocurrency.

“You become another spoke in the wheel,” he remarked.

A spokesperson for the Office of the Privacy Commissioner of Canada said that the agency is aware of the issue, but has not taken an in-depth assessment of the problem.

Another spokesperson for the Canadian Cyber Incident Response Centre (CCIRC) said that targeted system owners may not always notify or request assistance from the center.

“As this type of malicious activity is generally intended to go unnoticed, it often is not destructive and does not result in loss of confidential information,” CCIRC spokesperson Jean-Philippe Levert.

Levert added that the CCIRC is ready to assist those affected.


Related stories:
Is breach fatigue tempering cyberattack reputational harm?
This market moves at a pace that is ‘unusual’ in insurance
 

Keep up with the latest news and events

Join our mailing list, it’s free!