Instances of computers hijacked to mine cryptocurrency, a practice known as cryptojacking, rose 8500 percent in the final quarter of 2017, according to a new report by Symantec. The attacks make up 24 percent of all online attacks blocked in last December, and 16 percent of online attacks blocked in the last three months of 2017, correlating with the spikes in Bitcoin and other cryptocurrencies’ prices last year.
Symantec report tracks the rise of cryptojacking, and explains that its rise is partly due to easy-to-operate coin minings apps “with a low barrier [to] entry—only requiring a couple lines of code to operate,” which many have picked up as a way of cashing in on the cryptocurrency craze. Overall, cryptojacking rose by 34,000 percent in 2017.
The report says that mining other people’s CPUs is far easier than installing a virus into target computers, and that even ones that are fully patched might still be vulnerable if they visit the wrong site or app. Last year, Showtime’s website secretly mined user CPU for Monero, which has a more mining-friendly hashing algorithm than Bitcoin. More recently, Apple removed the Calendar 2 app in the Mac App Store that mined Monero for putting strain on users’ computers.
The Symantec report points out the costs of these cryptojackings has on unsuspecting victims: devices are slowed down, while batteries overheat and can experience a reduced lifespan. When targeted by cryptojackings on a larger-scale, corporate networks face the possibility of getting shut down by coin mining apps, says Symantec. But on a smaller scale, coin miners can escape detection if the change on people’s energy bills is kept relatively small. “This allows cyber criminals to make money without victims even realizing they have something unwanted on their machine or on the website they are visiting,” the report states.
“If you’re stealing others’ energy and resources,” then your actions are unpredictable and largely unmonitored, making it harder to detect if a computer is being used illicitly, says Alex de Vries, the founder of Digiconomist, a site that tracks the energy consumption of Bitcoin and ethereum mining, in a phone interview with The Verge, “We have no idea how many machines are being constantly used to mine. You might only notice after a few months that your energy bill is super high.”
“Attackers are moving to obtain more processing power to drive greater profit”
“Cybercriminals will continue to try and harness more and more of our resources for mining,” Symantec’s director of Security Response Kevin Haley told The Verge, “So while a great portion of these threats are browser-based, hijacking PCs, Macs and smart phones, attackers are moving to obtain more processing power to drive greater profit.”
Cryptojacking is likely to remain an issue while it’s still profitable to mine cryptocurrencies off others’ computers and worth the risk of getting caught. If the prices of cryptocurrencies dip back down to become virtually worthless again, as they were when Bitcoin was first created in 2009, coin mining could naturally disappear as a means of making money.