One in three UK orgs hit by cryptojacking in previous month, survey finds

UK_-cryptojacking-623x432.jpg

Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies.

A total of 30% of organizations in the United Kingdom fell victim to a cryptojacking attack in the previous month, a recent survey among 750 IT executives across the UK has found.

The study, commissioned by Citrix and carried out by OnePoll in May 2018, also reveals that 59% of IT decision-makers have been alerted to covert cryptocurrency mining on their systems at some point in the past, rather than in the last month alone, Internet of Business reports. Of those, 80% were affected in the last six months, which roughly coincides with a surge in popularity of cryptojacking.

Meanwhile, 38% of the respondents said that they have never experienced such an attack.

The study also found that, in most cases (60% ), up to 50 devices were hit by cryptojacking. A total of 11% percent of the respondents said that over 100 machines were affected in the most recent attack. All respondents work in organizations of at least 250 employees each.

The plurality of the cases (38% ) were detected through network-monitoring solutions. Only one in six organizations discovered such an incident after noticing slower device performance, which helps illustrate the surreptitious character of the mining.

Cryptojacking, or the hijacking of the victim machines’ processing power to generate virtual currencies, can eat up much of the targets’ CPU resources. In so doing, it degrades system performance and ramps up energy bills for the victim. The attacks commonly involve injecting a mining script into a website or advert, or threat actors compromise a device with malicious mining code.

One prominent flare-up in covert mining occurred this February, when ne’er-do-wells added a mining script known as CoinHive into a browser plugin called Browsealoud that was then loaded by several thousand websites, including some in the public sector in the UK. If not caught by monitoring software, the script ran in the background  unbeknown to the visitor of the affected site  until the webpage was closed.

Given their computing power, enterprise servers are among especially lucrative targets for illicit cryptomining. At the same time, cryptocurrency-mining malware doesn’t shy away from cloud services, Android apps or, as documented by ESET researchers just days ago, third-party add-ons for a media player.

written by Tomas Foltyn, ESET We Live Security


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s