Hackers are stealing more than your money and data these days. Now, they need your computing power to do their dirty work, too. The threat is called cryptojacking and could be crippling your network, whether you realize it’s happening or not.
Cryptocurrencies, a form of payment for hackers and cyber criminals, are earned through a process called cryptomining, in which criminals have to solve complex mathematical problems to validate their transactions. The software they use to do so requires massive amounts of computing power.
How does a cryptojacking attack happen?
Cyber criminals can access your computational power in a few ways:
- Phishing email: The hacker will send a malicious link or attachment via email. When an unsuspecting employee clicks on it, code injects a cryptomining script onto the target computer. The script will run continuously, often undetected.
- Drive-by mining: A cryptojacking script is injected into targeted websites or pop-up ads. When a victim visits that website or receives a pop-up from the infected ad, the script will run and infiltrate the network.
- Rogue employees: Employees who have access to IT infrastructure can set up cryptojacking systems, including physical servers, in any work environment.
- Inadequate firewalls: Hackers can channel cryptomining packages between corporate servers because firewalls won’t necessarily block traffic between them.
How can you prevent it?
There are a few best practices you can institute to help prevent cryptojacking, including:
- Keep current with critical security updates and patch known vulnerabilities.
- Leverage web filtering tools that block websites known to spread cryptojacking scripts.
- Engage a cryptojacking ad blocker to prevent infected ads from popping up.
- Implement endpoint technology to detect known cryptominers as they penetrate the network.
- Manage vulnerable apps and malicious extensions using mobile device programs for an extra layer of protection.
- Educate employees to better recognize phishing emails.
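To illustrate the web-filtering practice in the list above, the following added example (not part of the original article) checks web proxy log lines against a blocklist of cryptomining hosts and reports which internal clients requested them. The blocklist domains, the log format and the sample log lines are constructed for illustration.

```python
"""Added example: flag proxy-log requests to blocklisted cryptomining hosts."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed blocklist; a real deployment would load a maintained feed.
BLOCKLIST = {"coin-miner.example", "pool.mining-ads.example"}

# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url>".
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.5 GET https://news.example/index.html
2024-05-01T09:00:02Z 10.0.0.5 GET https://cdn.coin-miner.example/lib/worker.js
2024-05-01T09:00:03Z 10.0.0.7 GET https://notcoin-miner.example/about
2024-05-01T09:00:04Z 10.0.0.7 GET https://POOL.mining-ads.example:8443/ws
2024-05-01T09:00:05Z 10.0.0.5 GET wss://coin-miner.example./socket
malformed line without enough fields
"""


def is_blocked(host, blocklist=BLOCKLIST):
    """True if host equals a blocklisted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    labels = host.split(".")
    # Compare whole-label suffixes so "notcoin-miner.example" does not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def find_hits(log_text, blocklist=BLOCKLIST):
    """Return {client_ip: [blocked hosts requested]} from proxy log text."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        _, client, _, url = parts
        host = urlsplit(url).hostname  # strips port and userinfo
        if host and is_blocked(host, blocklist):
            hits[client].append(host.rstrip("."))
    return dict(hits)


if __name__ == "__main__":
    for client, hosts in find_hits(SAMPLE_LOG).items():
        print(f"{client}: {len(hosts)} blocked request(s) -> {sorted(set(hosts))}")
```

Matching on whole domain labels rather than a plain string suffix keeps look-alike hostnames from producing false positives, while still catching subdomains of a listed host.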
Will insurance cover a cryptojacking attack?
With the vast number of exposures and potential losses when it comes to a cyberattack of any kind, there is no one-size-fits-all cyber policy. However, working with your broker can ensure that the following areas of risk transfer are covered under your cyber policy:
- Business Interruption — The cumulative effect of the slowing of hundreds or thousands of computers in one organization can lead to significant costs over time. Components may fail prematurely due to overuse, and critical controls may be affected. The resulting downtime and restoration process can cause financial loss, which may be recovered under a cyber insurance policy.
- Network Security Liability — If a business unknowingly transmits cryptomining code to other organizations, it could face legal liability. Litigation costs and settlements may be covered under a cyber policy.
- Crisis Management — Once a hacker has access to your network via a cryptojacking attack, they could also access sensitive information to monetize, such as Social Security numbers and financial records. Costs to retain external vendors to investigate and respond to such an attack, including IT forensics firms, privacy attorneys, credit monitoring fees, notification and call center costs, may all be covered by a cyber policy.
- Risk Management — Insurers are demanding supplemental apps for ransomware, biometric questionnaires, engineering calls and perimeter scans. They are increasingly likely to only provide coverage for firms that have strong risk management and preventive controls in place. For example, multifactor authentication for all people and systems is now a requirement for insurability by many carriers.
Contact your HUB cyber risk specialist today to find out how you can best transfer your risk of a cyberattack or to request a risk analysis.
