Cybersecurity firm Kaspersky said fresh statistics from its research units have revealed that the biggest threat for small and medium enterprises (SMEs) in the region is not data breaches or ransomware but malicious mining.
Just in the first three months of 2020, Kaspersky said its solutions have foiled over 1 million mining attempts against devices of businesses in Southeast Asia (SEA) with 20-250 employees. This is 12% more compared with 949,592 mining incidents blocked in the same period last year.
The total number of miners detected in Q1 is also significantly more than the 834,993 phishing attempts and 269,204 ransomware detections against SMEs in the region.
“We cannot refute the fact that malicious mining is far less destructive compared with ransomware, data breaches, and the like but it remains a risk that SMEs should consider seriously. Cybercriminals behind these attacks are using your own resources, from your electricity, your data bandwidth, to your devices’ hardware which are not cheap at all,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“Our previous study even found out that two days’ straight of mining cryptocurrency using mobile mining malware can leave an infected device’s battery bloated to the point of physically deforming the phone. Think footing the bill without eating the meal, that’s how illegal miners work.”
Malicious mining, also known as cryptojacking, is an attack that can inflict both direct and indirect losses on a business. Cryptocurrency miners that infect the computers of unsuspecting users essentially operate according to the same business model as ransomware programs: the victim’s computing power is harnessed to enrich the cybercriminals.
Aside from a substantial increase in electrical consumption and usage of CPU, mining increases the wear and tear on hardware by having processing cores, including those belonging to discrete graphics cards, working overtime to mine ill-gotten cryptocurrency.
The wasted bandwidth also decreases the speed and efficiency of legitimate computing workloads. Moreover, cryptojacking malware can overwhelm a system, causing severe performance problems, which will have an immediate effect on businesses’ networks and, ultimately, their customers.
Kaspersky’s data further revealed that Indonesia and Vietnam were among the countries in SEA and globally with the highest number of mining attempts against SMBs. Most of the six countries in the region, except the Philippines and Thailand, also recorded an increase in detections of this malware in the first quarter of 2020.
Completing the five countries with the highest number of cryptojacking attempts are the Russian Federation, Brazil, and the Islamic Republic of Iran.
“There are obvious signs when your file is being held by ransomware, but malicious miners take a long while to notice, compounding the true cost of this malware. Cryptocurrency is here to stay which also means cybercriminals will continue to look for devices they can use illegally for mining. One important point SMEs should consider is that there is a direct correlation between successful cryptojacking and the use of pirated software. The more freely unlicensed software is distributed, the more miners there are, so I urge companies to use legitimate software at all times,” said Yeo.
Aside from unlicensed software, miners can also get into computers via adware installers and infected content distributed using social engineering as well as infected USBs.
Kaspersky also shares the following tips to keep SMBs’ devices safe from malicious miners:
- Update your operating system and all software regularly.
- Distrust e-mail attachments by default. Before clicking to open an attachment or follow a link, consider carefully: Is it from someone you know and trust; is it expected; is it clean? Hover over links and attachments to see what they’re named or where they really go.
- Don’t install software from unknown sources. It may and often does contain malicious cryptominers.
- Use a dedicated endpoint security solution equipped with web and application control, anomaly control and exploit prevention components that monitor and block suspicious activity on the corporate network.