The latest annual security intelligence report released by Microsoft finds that incidents of cryptojacking are on the rise. While reports of such incidents have certainly experienced increased media coverage, the legality of such incidents is far from equal.
Key Takeaways:
- The 24th Microsoft Security Intelligence Report finds incidents of cryptojacking have increased while ransomware attacks have decreased.
- There has also been an increase in reports by news outlets regarding cryptojacking activities
- The nature and legality of such cryptojacking activities varies widely
Reports of cryptojacking are on the rise. Cryptojacking is a general term used to encompass mining activities that use the processing power of a computer mostly without the owner’s consent.
Most recently, Microsoft Korea has reported an increased incidence of cryptojacking. The increase was reported at a press conference in Seoul. by Kim Gwi-ryun, security program manager at Microsoft Korea.
Ransomware 0 – Cryptojacking 1
The findings come from the 24th annual Microsoft Security Intelligence Report. The report highlights the drop in ransomware attacks since 2017, implying that malicious attackers are transitioning to stealthier methods of attacks by implementing cryptojacking.
To establish the incidence rates for cryptojacking worldwide, Microsoft monitored over 750,000 devices in over 150 countries. The worldwide monthly incidence rates were found to be 0.12% for cryptocurrency mining compared to 0.05% for ransomware attacks.
Kim Gwi-ryun noted the impact that cryptocurrency prices have on the incidence of such attacks.
“We have noticed that as the value of cryptocurrency rises and falls, so does the [cryptojacking incidence rates].”
One of the key risks noted in the report regarding cryptocurrency mining attacks is the potential for greater damage to be done. It gives attackers the opportunity to become familiar with the victim’s computing environment and potentially identify additional security flaws.
Consistent with the findings of increased incidence, reports of cryptojacking from major news outlets have also been on the rise. Two Romanian residents have been convicted by the United States Department of Justice after managing to infect over 400,000 computers with a variety of attacks including cryptocurrency mining. The pair posed as companies such as Western Union, Antivirus, and IRS sending emails with attachments. Victims that downloaded the attachments downloaded malware to their device.
50 Shades of Cryptojacking
There are a number of variants of cryptojacking. Tricking someone into downloading malware onto their computer by downloading a file, known as file-based cryptojacking, is just one form.
The other major form is browser-based mining whereby a website owner puts some Javascript code on their website which enables them to mine from visitors computing power. Research from security firm Symantec estimates file-based cryptojacking to generate over twenty times more than browser-based mining. The legality of browser-based cryptojacking is far more ambiguous than file-based cryptojacking.
In a recent court case, a Japanese man was found innocent after running Coinhive on his website, a program which uses the computing power of website visitors to mine. The judge presiding over the case noted that the activity did “not constitute a crime as we cannot say embedding the program was socially unacceptable”. Prosecutors argued that the program was running on visitors computers without their acceptance.
However, in a similar case, a Ukrainian man was arrested for running similar programs on his website which made use of visitors’ CPU and GPU power to mine cryptocurrencies. The site was an educational site and it was also not disclosed that visitors’ computing power was being used to mine cryptocurrencies.
The difference between these cases seems negligible. Both reportedly did not disclose the browser-based mining but one case was found guilty whereas the other was found innocent.
There is no clear legal structure pertaining to cryptojacking. This means that the outcome of such browser-based cases can vary based on the nuances of the jurisdictions as well as the presiding judge and jury.
Although Coinhive is shutting down, one of their proposed value propositions was offering an alternative revenue stream to websites which would usually utilize advertisements. Salon.com, uses such mining programs on their website to offer visitors choices. Visitors can decide to have advertisements displayed on the website which many consider a poor user experience, or they can let the website run a mining script.
The difference in the case of Salon.com is salient. A transparent disclosure to website visitors offering them a choice of viewing advertisements or contributing their computing power to mine cryptocurrencies is acceptable to users and also within the bounds of the law.