
Cryptojacking: The Hot New Type of Attack on Data Centers

Servers hijacked for cryptocurrency mining may lead to higher bills from your cloud provider or your power utility.

Earlier this year, Tesla was hit by a cryptojacking attack.

A misconfiguration of the electric-car maker’s Amazon Web Services environment allowed hackers to get in. But instead of installing ransomware or stealing data, the attackers installed software that mined cryptocurrency.

This kind of attack is hard to detect. Records aren't being compromised, data isn't erased. Cryptojacking software runs silently in the background, making money for the criminals.

"It's the compromise du jour," Karl Sigler, threat intelligence manager at Trustwave Holdings, a Chicago-based security firm, said. "It's just effortless money coming into the criminal's bank account."

During the first half of this year the number of cryptojacking detections was more than ten times higher than during the same time last year, according to the latest threat report from Trend Micro. According to cloud security firm RedLock, 25 percent of organizations have cryptojacking activity in their environments.

"Criminals have been putting crypto miners on anything that can run a process," including mobile devices, IoT devices, and browsers, Sigler said.

If the attack is against an individual, the performance hit would be so small that the user might not even notice.

If servers in a data center are infected, the damage can be substantial. For cloud deployments, there will be higher usage bills. For on-premises IT, cryptojacking may mean higher electric bills. Application users may see degraded performance and make more support calls.

"It can crash their systems, eat up CPU resources," Sigler said.

The criminals can run up tens of thousands of dollars worth of cloud computing or electricity bills before the problem is discovered, Jerome Segura, senior security researcher at Malwarebytes, told us.

"We've seen a migration or a maturation of cryptojacking into larger-scale scenarios," he said. "We've seen attacks on enterprise servers and also on cloud infrastructure. We've seen all kinds of customers being affected by this."

Plus, once attackers are in a system, they don't have to limit themselves to cryptojacking.

"If cryptomining doesn't generate enough profit, the attackers may at any point decide to monetize their resources in a different way," Segura said. "They can launch ransomware in your data center."

To mine cryptocurrency, servers solve mathematical puzzles that help secure a digital currency's infrastructure. In return, they get paid with some of that currency. Mining the most popular cryptocurrency, Bitcoin, is projected to use 7.7 gigawatts of electricity this year – as much electricity as the entire country of Austria.

Normally, a person mining Bitcoin would pay for their computer and their own electricity bill and hope to break even. With cryptojacking, it’s all profit.

Typically, when a cryptocurrency goes up in value (making mining more profitable), so does the rate at which criminals take over others’ systems to mine for them. Cryptojacking really started to take off last year when cryptocurrency prices soared, Segura said.

In addition, new types of cryptocurrencies started getting popular. Some are more anonymous than Bitcoin and can be mined on standard computers instead of the specialized processors Bitcoin requires.

Meanwhile, the barriers to entry have all but disappeared. "Cryptomining software toolkits are available online for as little as $30," Dave Klein, senior director for engineering and architecture at GuardiCore, said.

Klein recommends that data center managers make sure they have visibility down to the process level and use micro-segmentation to keep cryptojacking malware from spreading laterally.

For a hacker, the end goal is to install their software on as many machines as possible while remaining undetected. The longer they hide, the more money they make.

"Cryptojackers are the craftiest of cybercriminals," Klein said. "Security teams need to be just as clever to outsmart them."
