Light Dark
April 20, 2018 By Shane Schick 2 min read

A research report from the U.K. suggested that the practice of cryptojacking website visits to mine Monero and other digital currencies will emerge as a prominent threat over the course of 2018.

For its “The Cyber Threat to U.K. Businesses,” report, the U.K. National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) drew upon several existing studies as well as their own data to assess the current cyberthreat landscape in the region. While the scope of the report included everything from security vulnerabilities to ransomware and distributed denial-of-service (DDoS) attacks, the authors highlighted a half-dozen new threats for U.K. businesses to look out for, including cryptojacking.

Cryptojacking Poses Unique Challenges

In February, at least 600 websites in the U.K. (and more than 4,000 worldwide) secretly used a screen plugin for visually impaired computer users to mine cryptocurrency, according to the report. Victims were likely unaware that their machine’s resources were being diverted because, other than webpages taking longer to load and potential slowdowns in application performance, the attackers left few clues of their intrusion.

The report noted that cryptojacking is a particularly challenging threat to detect because it is sometimes carried out by legitimate website owners looking for new revenue streams.

CMS in the Crosshairs

While cyptojacking WordPress sites has been a prevalent trend for some time, a recent report from the SANS Technology Institute revealed that attackers are now turning to a new content management system (CMS) as well. For example, one attack vector uses a downloader to place a cryptocurrency miner and then activate it on a site. CryptoVest conducted its own investigation and found that the threat actors behind the scheme host multiple websites from a set of shared servers.

Last month, Symantec’s “Internet Security Threat Report” revealed that the volume of crypojacking attempts against endpoint computers skyrocketed by 8,500 percent over the course of the past year.

Beyond the rise of cyptojacking as a serious threat to consumers in the U.K. and elsewhere, the NCA/NCSC report cited attacks against Internet of Things (IoT) devices, supply chain compromises and cloud security as areas of concern.

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

July 26, 2024

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

July 25, 2024

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

July 24, 2024

Crisis communication: What NOT to do

4 min read - Read the 1st blog in this series, Cybersecurity crisis communication: What to doWhen an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can cause permanent reputational damage.Because of the stress and many moving parts that are involved, businesses often fall short when it comes to communication in a crisis.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature