"Cryptojacking" attacks in the UK have surged by 1,200% in just a few months, cybersecurity researchers have told Sky News.
The figures, which show the huge increase from October to January, were detected by cybersecurity firm Symantec Threat Intelligence and rank the UK fourth in the world in terms of the numbers of victims.
Cryptojacking involves an attacker using their victim’s computer to mine cryptocurrencies, often doing so within web browsers such as Chrome.
Victims do not lose their own finances to cryptojacking, experts say, but do end up with unwanted software running on their computers.
Of more than five million attacks globally, only in the United States, Japan and France were more incidents detected. Germany rounded off the top five.
It means the UK is now home to 4% of all cryptojacking victims in the world.
Earlier in February, an attack hit people visiting the websites of the Information Commissioner’s Office and the Student Loans Company after hackers inserted a mining script into a browser plug-in designed to help the partially sighted.
Symantec security researcher Candid Wueest said attacks are likely to increase even further over the next six months.
However, he said the damage to victims could be worse.
The in-browser cryptocurrency miners are not installing anything on the victim’s machines, they’re not encrypting files, Mr Wueest told Sky News. Even though they could potentially steal credentials, at the moment the attackers don’t want to.
Instead, the miners are attempting to be unobtrusive and secretive to avoid detection because they want to be able to continue mining for as long as possible Mr Wueest said.
Curiously, it is the same buoyed value of cryptocurrencies driving criminals to target others’ machines that is also protecting those machines from more malicious interference.
Alex Davies, security consultant at Countercept, told Sky News that while users are not losing their own finances, the unwanted software can cause significant problems.
That software could do anything, he said. Sure, right now it’s cryptomining software, but maybe the malware author pushes an update and suddenly it’s now banking malware and it steals your online banking credentials.
That’s the kind of situation we’re in. You never want to have unknown software running on your computer.
There are now more than 1,300 cryptocurrencies in existence, with the market capitalisation of the largest, bitcoin, worth approximately $181bn as of publication.
However, a privacy-focused cryptocurrency called monero, with a market cap of only $5bn, is more commonly mined by cryptojackers – and not just because of the increased anonymity it provides its users.
Unlike bitcoin mining – which is dependent upon specialised hardware – the monero mining algorithm is designed so it can be effectively run on consumer devices, and even in a web browser.
This has even led to monero being considered as a legitimate revenue source by online magazine Salon, which plans to offer consenting readers an advertisement-free experience in exchange for their processing power.
Monero’s privacy features also make it attractive to those who want to conceal their transactions. Bitcoin is only somewhat anonymous, Mr Wueest explained.
You might not know who is paying who, but you can see where the money goes, he said, referencing bitcoin’s traceable and transparent blockchain.
The monero blockchain however conceals the transactions between different addresses using cryptographic ring signatures.
(c) Sky News 2018: ‘Cryptojacking’ attacks surge 1,200% in UK