Responding to the shift from ransomware to crypto-mining

Surprising new exposure: Hackers now realize that a company's electricity is an asset they can steal and monetize.

Cybersecurity experts report that more than $20 million in cryptocurrency could be mined via malware during 2018.

Ransomware was on everyone’s lips in 2017. Estimated damage from ransomware attacks in 2017 was $5 billion. That’s 15 times the $325,000 million in damages logged in 2015, just 2 years earlier, according to Cybersecurity Ventures.

In the insurance industry, underwriters and claims managers have made ransomware central to cyber policies while improving coverage and augmenting prices.

However, midway through 2017, the security industry started to note a major shift in the nature of cyber attacks as hackers began to move away from ransomware and into crypto-mining.

Rising threat

Crypto-mining, or coin-mining, malware takes over the computational resources in your machine and uses them to mine for cryptocurrency. According to the Malwarebytes blog, in mid-2017, 70% of attacks were ransomware, while crypto-mining was less than 5%. By the end of 2017, however, crypto-mining jumped to 50% of attacks, while ransomware dropped off a cliff to as low as 10% of attacks.

A leading theory is that ransomware is not generating as much revenue as hackers had hoped. In other words: Victims are not paying. WannaCry, for example, was one of the largest ransomware campaigns in history with more than 300,000 machines infected. Yet reports estimate that it only yielded $140,000 in revenue.

By the second half of 2017, on the other hand, about $7 million worth of cryptocurrencies were mined via botnet malware. And as this trend continues in 2018, we expect more than $20 million in cryptocurrency to be mined via malware.

To generate meaningful returns from crypto-mining attacks, a hacker needs to take over a lot of computational resources. The simple approach is to create a botnet by infecting numerous end-point computers. The biggest risk, however, is to companies that have major computing resources, either in dedicated or shared server capacity. Oracle experienced such an attack earlier this year. On January 11th 2018, for instance, attackers made $226,000 installing Monero-mining malware on Oracle WebLogic servers.

Surprising new exposure

Every attack costs an organization money: It needs to take care of the incident and, if sensitive data was on the systems, run forensics and consult with a breach lawyer. Crypto-mining in itself does not jeopardize the integrity of a company’s systems or data, unless it’s bundled with other malicious tools, which it often is.

The interesting wrinkle? Mining cryptocurrency consumes a lot of electricity.

Electricity costs for Bitcoin (BTC) mining are 58% of the value of the coin, while other coins like Monero (XMR) are a lot less efficient with electricity costs at 84% of the value of the coin. These coins require so much electricity, they are uneconomical to mine legally.

In other words, hackers now realize that a company’s electricity is an asset that they can steal and monetize.

Applied to the $20 million in coin value expected to be generated this year through crypto-mining, we expect organizations to incur $12-15 million in stolen electricity costs in 2018.

This is not a big exposure yet, but in some specific attacks, the cost can be meaningful. In the case of the Oracle breach mentioned above, the electricity costs from the attack are estimated at $190,000, and come on top of the cost of response and remediation.

Looking ahead

Forward-thinking cyber insurers should offer electricity spike reimbursement in their policies. Unfortunately, electricity costs are not covered under most cyber insurance policies. Most brokers and clients are not even aware of this exposure, don’t look for it and subsequently never file claims for it.

Rotem Iram (rotem@at-bay.com) is the founder and CEO of the cyber insurance start-up At-Bay.

The opinions expressed here are the writer’s own.
