Cryptojacking is the ‘secret commandeering’ of a business’s computing power to mine for cryptocurrencies that in turn gives companies a headache and criminal miners a cryptocoin payout if their efforts are successful, according to Symantec.
Cryptojacking activity tends to follow the value of cryptocurrencies, and peaked in December 2017, with eight million cryptojacking events blocked by Symantec, before falling off slightly in 2018. Nonetheless, the company reported that it blocked around five million cryptojacking events in July 2018, indicating this new cyber threat shouldn’t fall off the radars of businesses.
One cyber insurance expert shares this sentiment, based on his experiences dealing with this evolving risk.
“Many times the issue we see is a huge slowdown in the systems and the software that they’re using to perform their normal services,” said Patrick Costello (pictured), principal at Evolve MGA. He explained that, for example, if Evolve could quote 300 accounts a day, a cryptojacking attack might mean they could only quote 25 accounts, leading to a business interruption loss since the business can’t operate as efficiently and might also have to shut down its networks to facilitate a clean-up. A business could likewise end up with a sizable electricity bill at the end of the month as a result of cryptojacking.
In one case that Evolve worked on, Thermalair, an HVAC contractor, noticed an issue when their system was suddenly very slow and employees were getting odd notices in their financial accounting system. An IT company looked into it and traced activity in their system to an IP address located in Russia, explained Michael Finn, account executive at GMGS Risk Management & Insurance Services and Thermalair’s broker.
“The cryptojacking occurred due to an unsecured backdoor portal being used by their financial accounting software company for maintenance,” said Finn. “Since the hackers had access to their financial software systems, they were very concerned about financial, payroll, banking, accounting, and user information being stolen or compromised.”
Evolve started specifically covering cryptojacking in the new edition of its cyber coverage earlier this year.
“We did it because of the claims activity we were seeing in the space. Forbes has said that cryptojacking is going to surpass ransomware in the frequency of attacks that occur in the upcoming years. We want to be as progressive as possible and offer our clients coverage for the legitimate new hacking attacks that are occurring on a regular basis,” said Costello.
Evolve’s incident response team responded quickly to Thermalair’s claim. They had the technical resources to determine the source of the issue and were able to effectively mitigate the financial cost of the attack. A valuable lesson learned from the incident is that contractors don’t often realize they’re vulnerable to any type of cyberattack, yet any and all businesses could be susceptible to this and many other cyber threats.
“The fact of the matter is if you’re collecting anyone’s data, if you have a bank account, or if you’re using computers in any way, you have a cyber exposure,” said Costello.
While some clients might be familiar with a threat like ransomware, awareness around cryptojacking is particularly low.
“There’s no awareness of cryptojacking in the marketplace, except for those folks that have experienced it. Even when talking to retail insurance brokers, the majority of them have never heard of the term ‘cryptojacking.’ The majority of folks also are very uneducated as to how cryptocurrency works in general, how the ledger works in the cryptocurrency system, and why people are motivated to perform cryptojacking attacks,” Costello told Insurance Business. “Generally, if you are utilizing computing power to mine for cryptocurrency, you can be rewarded with commissions of that cryptocurrency because you are verifying transactions on the cryptocurrency ledger. We could all legally mine for cryptocurrency, but a lot of times, criminals see businesses as an easy outlet to steal computing power to process it themselves.”
In the fight against cryptojackers, Evolve is doing everything it can to ensure that businesses and retail brokers are aware of the associated risks of this growing threat.
“Evolve has partnered with one of the most experienced claims teams in the industry. They see multiple claims every day and they are very well-versed in the hacking attacks most relevant to US businesses. We have a 24/7 hotline that our insureds and brokers can call at any time. We recommend that our insureds call in to the hotline even if they just suspect that an incident might have occurred. Timing is key. The sooner we know, the sooner we can lessen the damage associated with the attack,” said Costello.