Exclusive: Why NZ is particularly vulnerable to cryptomining

11 Jul 2018

Cryptomining is the latest cybersecurity threat dominating the headlines, but education and awareness are still lacking among organisations about what it is and how it’s carried out.

This type of cyberattack is particularly insidious as it’s difficult to detect and staff who are not IT savvy can often misinterpret its symptoms as typical machine wear and tear.

SecurityBrief spoke to Malwarebytes CIO and chief security officer Justin Dolly about why Kiwis are more vulnerable to cryptomining, what the current threat landscape looks like in New Zealand, and emerging threats on the horizon.

What are the latest trends in the threat landscape?  

In January, we released a report for A/NZ which referred to the fact that ransomware was still dramatically on the rise, and that was the big bad malware on the block.

Five months later and already, ransomware is falling down the charts, as far as threats go.

We’re seeing a huge increase in cryptomining.

Bad actors are moving away from ransomware, because they’re only getting about 50% efficiency from the ransomware attacks, given that only about half of people compromised by ransomware actually pay the ransom.

So moving to something like cryptomining means they get almost a 100% return on their investment because they can profit from everyone who visits the malicious site. 

I think New Zealand in particular, being big fans of cryptocurrency and having adopted it at a quick pace versus the rest of the world, means that cryptojacking and the mining attacks are taking a pretty big foothold here in New Zealand.

From our standpoint, if you’re running something intelligent on your endpoint that disables these threats and proactively blocks them and makes sure that your business, your enterprise and your customers are being kept safe in a proactive manner as opposed to having to rectify it later and remediate. 

In the second half of 2017, Malwarebytes blocked over 100 million cryptojacking attempts, so it is a big problem.

Why does NZ have a higher-than-average adoption rate of cryptocurrencies?

Normally, adoption of cryptocurrencies has been led by the bad actors, but I think the level of adoption of cryptocurrencies in general has been faster than other financial options in the past.

One of the things that’s interesting about New Zealand is that it’s a nation of business owners as opposed to a nation of large corporations and big companies.

That’s why a lot of technology decisions happen here.

People who are actively running things, they know what’s going on, they know how the business functions, as opposed to large corporations, so saving money and being efficient, which people are able to do, are really important to business owners.

Cryptocurrency is easy to use - not frictionless, but they're not difficult to understand, you can adopt it pretty well, it's similar to the adoption of managed service providers (MSPs) to deliver services to a lot of the SMBs here in New Zealand.

Is there a lack of awareness among businesses about the risk of cryptomining attacks?

It's difficult to stay up-to-date on the latest developments in cryptomining attacks and emerging attack vectors.

I think that one of the ways that would allow businesses to have more awareness around it is, there is a lack of legislation around these things - it happens all the time with an emerging technology.

Legislation and oversight, and even a penalty for misuse or from bad events, those things tend to come later.

I know that in New Zealand, there are some conversations happening, and various compliance initiatives.

What is the security risk that the proliferation of Internet of Things (IoT) devices presents?

The biggest challenge with IoT is that there's no structure surrounding what their operating systems look like, which components they should be using, whether there's any security in place.

Their only mandate from the manufacturers is, "I want a very lightweight operating system that requires minimal resources to be able to function, and it needs to be tiny."

So when something has to be lightweight, and small, and has to just deliver a number of functions, security is not the first thing you're going to work on.

These operating systems are disparate - they're going to be different flavours of Linux, potentially other operating systems.

So there's no low tide as far as sending out what's good and what's not and what should or shouldn't be there.

The industry is not waiting for us to figure this out, it's just going right ahead.

Many of them are storing credentials within the operating system, and they're stored in clear text because the hashing function would take up more memory than it necessarily had.

Nearly all the IoT devices function using Wi-Fi as a transport mechanism, so they usually need to have the Wi-Fi key for your network, whether that's in your business or in your home, so if any of those IoT devices are compromised, at the very least, it has your Wi-Fi credentials, or the key that makes it available to join your Wi-Fi network, and so you really only have to compromise one of these smart devices, and you basically have the whole network.

It's difficult for us to determine with 100% confidence the way to tackle that threat - I sense it will probably be something at the gateway of your Wi-Fi network, and I know that there are some companies who are thinking about a piece of hardware that you could put in your home network.

The attacks are only going to increase, as people buy new technology, just as consumers and businesses buy more technology, this IoT capability is going to be brought into their enterprise or into their home, thereby increasing the risk. 
