According to cybersecurity solutions firm Kaspersky’s latest statistics for Southeast Asian SMBs in Q1 this year, over a million crypto-mining attempts against business devices were foiled, a 12% increase compared with the 949,592 mining incidents blocked in the same period last year.
The total number of miners detected in the first three months of 2020 is also significantly more than the 834,993 phishing attempts and 269,204 ransomware detections against SMBs in the region.
Malicious mining, also known as cryptojacking, happens when cybercriminals install a malicious program on the target computer, or use fileless malware, without the user’s knowledge. This allows them to harness the victim’s processing power and use it to carry out cybercriminal acts. Cryptojacking has also been known to occur when a victim visits a site that has an embedded mining script, which then runs in the browser.
“Malicious mining attacks continue to remain as a widely underreported area of cyberthreats to SMBs,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. “In this age where we are well acquainted with the infamous examples of data breaches, it is natural for us to pool our resources together and deal with ransomware and large-scale phishing attacks. However, this is not the case when it comes to cryptomining.”
Kaspersky’s data further reveals that Indonesia and Vietnam were among the countries with the highest number of mining attempts against SMBs, both in SEA and globally. Most of the six countries in the region, except the Philippines and Thailand, also recorded an increase in detections of this malware in the first quarter of 2020.
“As the symptoms and consequences of malicious mining are less obvious and less immediate than ransomware and phishing attacks, it’s easy for SMBs to disregard it as a mere technical issue,” said Yeo. “However, its aftermath is costly in the long run. The rapid increase of cryptojacking incidents in the region should be a wakeup call for enterprises in all shapes and forms. Cybercriminals are doing this attack because it is profitable; it is high time that we acknowledge this and improve our defenses against it.”
The following signs may indicate that devices are being used for crypto-mining:
- Electrical consumption and CPU usage will increase substantially.
- System response will slow; the device’s memory, processor, and graphics adapter are bogged down completing cryptomining tasks.
- Wasted bandwidth will decrease the speed and efficiency of legitimate computing workloads.
- Batteries will run down much faster than before, and devices may run quite hot.
- If the device uses a data plan, users will see data usage skyrocket.
Tips to avoid cryptomining
To proactively safeguard your business against malicious mining, here’s what you should focus on:
- Enhancing the cybersecurity awareness of employees is the first step, but a highly critical one for any business that takes cybersecurity seriously. Having them understand basic things like what files or links to open will go a long way in preventing crypto-miners from planting malware on electronic devices. Also, it is worth creating employee and operational control policies that cover aspects of network management and facilities, including password renewal regulations, incident handling, access control rules, protecting sensitive data and more.
- Monitor web traffic. Frequent queries to domains of popular cryptomining pools are a clear sign that someone is mining at someone’s expense. Ideally, add these domains to the domain block lists for all computers in the network — lists of such domains can be found online. New domains are constantly appearing, so be sure to update the list systematically.
- Keep track of the server load. If the daily load changes suddenly, that may be a symptom of a malicious miner. Carrying out regular security audits of your corporate network may also be helpful.
- Ensure that all the company’s software is updated as soon as updates are available, to be well prepared for the latest cyberthreats.
- Implement the right cybersecurity solution for every aspect of the business operations, both hardware and software related. Use a dedicated endpoint security solution equipped with web and application control, anomaly control, and exploit prevention components that monitor and block suspicious activity on the corporate network.
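One way to apply the web-traffic tip above, as an added example that is not from Kaspersky or the original article: count DNS lookups per client that hit a mining-pool block list, matching subdomains on whole labels. The log format, the pool domains (placeholders under the reserved .example TLD), the threshold and the function names are assumptions.

```python
from collections import Counter, defaultdict

# Constructed block list: placeholder names, not real mining pools.
POOL_BLOCKLIST = {"pool.miner.example", "xmr-pool.example"}

# Constructed resolver log lines: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2020-05-04T09:00:01 10.0.0.21 www.intranet.example
2020-05-04T09:00:02 10.0.0.34 eu.pool.miner.example.
2020-05-04T09:00:07 10.0.0.34 EU.Pool.Miner.Example
2020-05-04T09:00:09 10.0.0.21 notxmr-pool.example
2020-05-04T09:00:12 10.0.0.34 xmr-pool.example
2020-05-04T09:00:15 10.0.0.57 xmr-pool.example
malformed line
"""

def matched_pool(qname, blocklist):
    """Return the block-listed domain that qname equals or is a subdomain of."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare whole labels so "notxmr-pool.example" does not match
    # "xmr-pool.example" the way a plain endswith() check would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def find_mining_clients(log_text, blocklist, min_hits=2):
    """Count block-listed lookups per client; report clients at or above min_hits."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname = parts
        pool = matched_pool(qname, blocklist)
        if pool:
            hits[client][pool] += 1
    return {c: dict(p) for c, p in hits.items() if sum(p.values()) >= min_hits}

if __name__ == "__main__":
    for client, pools in find_mining_clients(SAMPLE_LOG, POOL_BLOCKLIST).items():
        print(client, pools)
```

The min_hits threshold keeps a single stray lookup from raising an alert; lower it to 1 to list every client that touched a block-listed domain.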
If the company is already the victim of a crypto mining attack or is looking to recover, here’s what to do:
- Use a strong security solution on all computers and mobile devices, such as Kaspersky Internet Security for Android or Kaspersky Total Security to identify the threat, and enable Default Deny mode where possible.
- Kill and block website-delivered scripts. The IT team should note the URL that is the source of the script and update the organization’s web filters to block it immediately.
- If a website extension is responsible for infecting the browser, update all the extensions, and remove those that are not needed or are infected.