April 20, 2018 By Shane Schick 2 min read

A research report from the U.K. suggested that the practice of cryptojacking website visits to mine Monero and other digital currencies will emerge as a prominent threat over the course of 2018.

For its “The Cyber Threat to U.K. Businesses,” report, the U.K. National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) drew upon several existing studies as well as their own data to assess the current cyberthreat landscape in the region. While the scope of the report included everything from security vulnerabilities to ransomware and distributed denial-of-service (DDoS) attacks, the authors highlighted a half-dozen new threats for U.K. businesses to look out for, including cryptojacking.

Cryptojacking Poses Unique Challenges

In February, at least 600 websites in the U.K. (and more than 4,000 worldwide) secretly used a screen plugin for visually impaired computer users to mine cryptocurrency, according to the report. Victims were likely unaware that their machine’s resources were being diverted because, other than webpages taking longer to load and potential slowdowns in application performance, the attackers left few clues of their intrusion.

The report noted that cryptojacking is a particularly challenging threat to detect because it is sometimes carried out by legitimate website owners looking for new revenue streams.

CMS in the Crosshairs

While cyptojacking WordPress sites has been a prevalent trend for some time, a recent report from the SANS Technology Institute revealed that attackers are now turning to a new content management system (CMS) as well. For example, one attack vector uses a downloader to place a cryptocurrency miner and then activate it on a site. CryptoVest conducted its own investigation and found that the threat actors behind the scheme host multiple websites from a set of shared servers.

Last month, Symantec’s “Internet Security Threat Report” revealed that the volume of crypojacking attempts against endpoint computers skyrocketed by 8,500 percent over the course of the past year.

Beyond the rise of cyptojacking as a serious threat to consumers in the U.K. and elsewhere, the NCA/NCSC report cited attacks against Internet of Things (IoT) devices, supply chain compromises and cloud security as areas of concern.

More from

How generative AI Is expanding the insider threat attack surface

3 min read - As the adoption of generative AI (GenAI) soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies.In just a few years, artificial intelligence (AI) has radically changed the world of work. 61% of knowledge workers now use GenAI tools — particularly OpenAI’s ChatGPT — in their daily routines. At the same time, business leaders, often partly driven by a fear of missing out, are investing billions in tools…

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

New ransomware over browser threat targets uploaded files

3 min read - We all have a mental checklist of things not to do while online: click on unknown links, use public networks and randomly download files sent over email. In the past, most ransomware was deployed on your network or computer when you downloaded a file that contained malware. But now it’s time to add a new item to our high-risk activity checklist: use caution when uploading files. What is ransomware over browsers? Researchers at Florida International University worked with Google to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today