According to Kaspersky’s latest statistics for Southeast Asian SMEs in Q1 this year, over a million crypto-mining attempts were foiled against devices of businesses — a 12% increase compared with 949,592 mining incidents blocked in the same period last year.
The total number of miners detected in the first three months of 2020 is also significantly more than the 834,993 phishing attempts and 269,204 ransomware detections against SMEs in the region.
Malicious mining, also known as cryptojacking, happens when cybercriminals install a malicious program on the target computer, or use fileless malware, without the user’s knowledge.
This allows them to harness the victim’s processing power for their own nefarious purposes. Cryptojacking has also been known to occur when a victim visits a site with an embedded mining script that runs in the browser.
Kaspersky’s data further revealed that Indonesia and Vietnam were among the countries with the highest number of mining attempts against SMBs, both in Southeast Asia and globally. Most of the six countries in the region, the exceptions being the Philippines and Thailand, also recorded an increase in detections of this malware in the first quarter of 2020.
“Malicious mining attacks continue to remain as a widely underreported area of cyberthreats to SMEs. In this age where we are well acquainted with the infamous examples of data breaches, it is natural for us to pool our resources together and deal with ransomware and large-scale phishing attacks. However, this is not the case when it comes to cryptomining,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“As the symptoms and consequences of malicious mining are less obvious and less immediate than ransomware and phishing attacks, it’s easy for SMEs to disregard it as a mere technical issue. However, its aftermath is costly in the long run. The rapid increase of cryptojacking incidents in the region should be a wake-up call for enterprises in all shapes and forms. Cybercriminals are doing this attack because it is profitable; it is high time that we acknowledge this and improve our defenses against it,” he added.
Some signs that may indicate a device is being used for crypto-mining:
- Electricity consumption and CPU usage will increase substantially.
- System response will slow; the device’s memory, processor, and graphics adapter are bogged down completing cryptomining tasks.
- Wasted bandwidth will decrease the speed and efficiency of legitimate computing workloads.
- Batteries will run down much faster than before, and devices may run quite hot.
- If the device uses a data plan, users will see data usage skyrocket.
To proactively safeguard your business against malicious mining, here’s what you should focus on:
- Enhancing the cybersecurity awareness of your employees is the first step, and a highly critical one for any business that takes cybersecurity seriously. Having them understand basics such as which files or links to open will go a long way in preventing crypto-miners from planting malware on electronic devices. It is also worth creating employee and operational control policies that cover aspects of network management and facilities, including password renewal regulations, incident handling, access control rules, protecting sensitive data and more.
- Monitor Web traffic – frequent queries to domains of popular cryptomining pools are a clear sign that someone is mining at your expense. Ideally, add these domains to your domain block lists for all computers in your network — lists of such domains can be found online. New domains are constantly appearing, so be sure to update the list systematically.
- Keep track of your server load. If the daily load changes suddenly, that may be a symptom of a malicious miner. Carrying out regular security audits of your corporate network may also be helpful.
- Ensure that all your software is kept up to date, installing updates as soon as they are available, so that you are well prepared for the latest cyberthreats.
- Implement the right cybersecurity solution for every aspect of your business operations, both hardware and software related. Use a dedicated endpoint security solution equipped with web and application control, anomaly control and exploit prevention components that monitor and block suspicious activity on the corporate network.
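
The web-traffic monitoring item above can be turned into a simple check over DNS query logs. This is an added example, not code from Kaspersky; the log format, the placeholder pool domains, the threshold and the function names are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed placeholder block list; a real deployment loads a maintained,
# regularly updated list of mining-pool domains.
POOL_DOMAINS = {"pool.miner-example.test", "xmr.pool-example.invalid"}

# Constructed DNS query log: "<timestamp> <client IP> <queried name>".
SAMPLE_LOG = """\
2020-05-04T09:00:01 10.0.0.21 www.example.com
2020-05-04T09:00:05 10.0.0.37 eu.pool.miner-example.test
2020-05-04T09:01:05 10.0.0.37 EU.Pool.Miner-Example.test.
2020-05-04T09:02:05 10.0.0.37 xmr.pool-example.invalid
2020-05-04T09:02:09 10.0.0.21 notpool.miner-example.test
2020-05-04T09:03:00 10.0.0.44 pool.miner-example.test
truncated-line
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_pool_domain(name, blocklist=POOL_DOMAINS):
    """True if name is a listed domain or a subdomain of one.

    Matching is done on label boundaries, so a look-alike such as
    'notpool.miner-example.test' does not match 'pool.miner-example.test'.
    """
    name = normalize(name)
    return any(name == d or name.endswith("." + d) for d in blocklist)


def find_miners(log_text, threshold=3):
    """Return {client_ip: {domain: count}} for clients whose total number
    of queries to listed pool domains reaches the threshold."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed or truncated lines
        _, client, name = parts
        if is_pool_domain(name):
            hits[client][normalize(name)] += 1
    return {c: dict(n) for c, n in hits.items() if sum(n.values()) >= threshold}


if __name__ == "__main__":
    print(find_miners(SAMPLE_LOG))
```

A single lookup (10.0.0.44 in the sample) stays below the default threshold; lowering `threshold` to 1 reports every client that touched a listed domain.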
If you are already the victim of a crypto mining attack, or are looking to recover, here’s what you can do:
- Use a strong security solution on all computers and mobile devices to identify the threat, and enable Default Deny mode where possible.
- Kill and block website-delivered scripts. Your IT team should note the URL that is the source of the script and update the organization’s web filters to block it immediately.
- If a browser extension is responsible for infecting the browser, update all the extensions and remove those that are not needed or are infected.