Source: Shutterstock

Fighting the growing cryptomining threat in SEA

  • Cryptomining has emerged as the most frequent cybersecurity threat detected amongst SMEs in the region

Cryptomining is becoming an ever-greater risk to small and medium businesses (SMBs) in Southeast Asia, according to new research from Kaspersky.

The global cybersecurity firm revealed that it had blocked in excess of 1.7 million mining malware attempts targeting SMBs in the first half of 2020.

In the last five years or so, since blockchain-based cryptocurrency trading began to rise in popularity, ‘mining’ cryptocurrencies has rocketed too. Cryptomining can have tangential profit gains for miners, but it requires a huge amount of processing power to mine constantly, that’s why so many cyberattacks are looking to piggyback on computing power belonging to other organizations.

What does cryptomining do exactly?

These intrusions attempt to surreptitiously make use of an organizations’ on-premise or cloud-based servers to mine for cryptocurrencies. Bad actors monetize cryptomining and illicitly leverage the server space and raw processing power of these companies’ servers without their knowledge or consent.

This phenomenon is also known as cryptojacking, and despite a slight decrease year-on-year, Kaspersky detected 1,726,799 cryptomining attempts within six months that are explicitly targeting SMBs in the SEA territories this year.

Mining detections were the highest cybersecurity threat for SMBs in the region, more so than the well-known vulnerabilities like phishing and ransomware.

Kasperky’s data shows that when it comes to cryptomining, four out of the six SEA countries surveyed are in the top 15 worldwide. It is thought that cryptomining slips under the radar more readily because companies are not as aware to be on the lookout for it.

“This threat is clearly not as popular as phishing and ransomware primarily because its presence is usually unannounced,” said Kaspersky general manager for SEA, Yeo Siang Tiong.

Globally, Kaspersky ranks Russia is the country with the most number of cryptomining prevented incidents in Q2 of 2020, followed by China, India, Indonesia, and Vietnam. But when it comes to cryptojacking detections among SMBs in the first half of 2020, Indonesia came out with the highest figure – and this despite a detection reduction of 40% when compared to the first half of 2019, Kaspersky says.

Cryptomining does not cause active disruptions or expose the firm to financial risk, so that could be why SMBs are less wary of it. But this doesn’t mean that mining malware is benign, as miners keep all the profits by leeching off other people’s systems, and don’t even bear electricity or equipment costs.

Due to its consumption of the system, cryptomining malware can overwhelm an operating system, and cause severe performance issues, which could then adversely (and rapidly) effect the businesses’ network and customers.

Criminals might also be using hacked servers as a means for illegally farming funds to be used for other nefarious purposes, such as exfiltrating valuable data, selling server access for further abuse, or preparing for a targeted ransomware attack.

“This threat is silent, hidden inside our devices and networks, slowly sucking our bandwidth, electricity, and damaging our hardware which are all costly at a time when SMBs need their cash flow the most,” stated Kasperky’s Yeo.

What SMBs can do

Cloud servers, in particular, are favorite targets to compromise, as they generally might lack the cyber protection of their on-premise counterparts. But Kaspersky points out some of the red flags that could indicate cryptomining running in the background of your systems.

Some of the flags include a sudden and substantial increase in electrical consumption; a slowdown in CPU system responses; wasted bandwidth that decreases the speed and efficiency of legitimate computing workloads; batteries running down much faster than before; devices running hot; and if the device uses a data plan, the data usage increasing.

CISOs need to ensure that staff is brought up to on newer cybersecurity challenges like mining, that they are keeping an eye on server loads, are frequently monitoring web traffic of mining queries on popular cryptomining pools, and are carrying out regular audits of the company’s networks, both on-premise and in the cloud.

Naturally, all cybersecurity and software applications should be updated to their latest versions, in case of vulnerabilities in outdated systems. Kaspersky also recommends that SMBs use a well-equipped, dedicated endpoint security solution with web and application control, anomaly control, and exploit prevention components that monitors and block suspicious activity on the corporate network.