Businesses Are Increasingly Falling Victim to a New Cyber Scheme Known as Cryptojacking…
Businesses around the world are increasingly falling victim to cryptojacking – a new cyber scheme where criminals hijack central processing unit (CPU) power from unsuspecting computer users to mine cryptocurrencies. The rapid evolution of cyber threats highlights the importance of regularly updating your company’s cybersecurity and data protection protocols.
Cryptojacking is the latest scheme involving malware spread via fake online advertisements. When a user clicks on the ad, it executes malicious code that allows the attackers to mine cryptocurrency via the user’s browser. More sophisticated attacks can infiltrate vulnerable systems that simply display the illegitimate ad without any involvement by the user.
Some websites allow browser-based cryptomining as a means of generating income. Unlike cybercriminals, legitimate websites use a small percentage of the computer’s resources to run mining code in the background, but only if visitors provide consent. Conversely, hackers use far more aggressive techniques and circumvent security features to remain undetected for as long as possible.
Earlier this year, cryptojacking surpassed ransomware as the number one type of attack on the internet, according to Akouto. The Canadian cybersecurity firm’s servers tracked a 3,500 percent spike in attempted intrusions in March of 2018.
“March was an incredibly active month for the combined malvertising-cryptojacking attack,” said Akouto founder Dominic Chorafakis. “Starting on March 7th, our central monitoring servers recorded a spike in attacks being blocked by managed Intrusion Prevention systems on customer networks,” Chorafakis continued. “The attempts were detected at virtually every site at a rate that was 3500% higher than the months prior. Reports in April showed a decrease in activity but still averaged 700% higher than the first two months of 2018.”
While cybercriminals may not steal data, cryptojacking can result in a loss of productivity for business because it slows systems, makes them use more energy, and may even render them unresponsive. Devices infected with the malware may also suffer from an increase in application crashes and may stop working completely.
Cyber Vigilance Is Essential
Staying on top of cyber threats is increasingly important, as both regulators and customers are holding companies more accountable for lapses in security. In New York, the Department of Financial Services continues to roll out its cybersecurity regulations.
As discussed in greater detail in prior articles, the regulations require that financial service companies “establish and maintain a cybersecurity program designed to ensure the confidentiality, integrity and availability of the Covered Entity’s Information Systems.” The cybersecurity requirements further mandate that covered entities implement cybersecurity policies that are tailored to their unique risks and needs.
Of particular note, entities subject to the DFS regulations must appoint a chief information security officer to implement and enforce the policies. Other requirements under the regulation include: adopting policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third-parties; requiring multi-factor authentication for individuals accessing internal systems who have privileged access or to support functions including remote access; drafting an incident response plan to recover from any cybersecurity event; and conducting annual penetration testing and vulnerability assessments. This February, new annual certification requirements took effect under which a board member or senior officer at all regulated entities must certify annually that the company is in compliance with the DFS cybersecurity requirements.
In New Jersey, Attorney General Gurbir S. Grewal recently announced the creation of a new civil enforcement unit, known as the Data Privacy & Cybersecurity (DPC) Section. The new DPC Section will be housed within the Division of Law’s Affirmative Civil Enforcement Practice Group and will be tasked with enforcing laws that protect New Jersey residents’ data privacy and cybersecurity by bringing affirmative civil actions against violators. Among other priorities, the DPC Section will assume responsibility for the Office’s ongoing investigation into Facebook’s transfer of personal information to Cambridge Analytica. According to Facebook, approximately 1.6 million users in New Jersey were impacted.
In addition to enhanced regulatory scrutiny, businesses also face increased reputational harm in the wake of a cyberattack. Customers now expect companies to have robust data security procedures in place and assign blame when they fall short. Given the risks, businesses should consider taking steps to mitigate the risk of cryptojacking, such as reviewing software patch policies, analyzing website security, and implementing security programs that can block access to crypto mining scripts.
Key provisions in your contracts, including those relating to indemnification, insurance, and defense, are essential to contract risk management. While sometimes considered “boilerplate,” these provisions play a pivotal role when determining which party is responsible for certain costs and liabilities. They must always be negotiated and drafted carefully. Indemnification Clauses Businesses should never overlook the […]
Portability of estate and gift tax enables a surviving spouse to inherit any unused portion of their deceased spouse’s federal estate and gift tax exemption. So, if one spouse doesn’t utilize their full exemption, the surviving spouse can effectively double their exemption amount with regard to estate tax liability. For married couples, portability offers a […]
Pet Trusts in New Jersey and New York: A Practical Estate Planning Tool
For many of us, pets are more than companions—they are members of the family. Yet they are often overlooked or inadequately provided for when it comes to estate planning. A pet trust offers a legally enforceable way to ensure that your animal continues to receive proper care if you become incapacitated or pass away. As […]
For many New Jersey business owners, a closely held company represents decades of work, financial investment, and personal sacrifice. Trusts in business succession planning are one of the most effective tools for protecting that value, allowing founders to control how and when the business passes to the next generation while reducing the risk of disputes, […]
Read Before You Sign: IT Contract Pitfalls Every NJ Business Should Know
In today’s digital economy, New Jersey businesses of all sizes rely heavily on technology vendors, software providers, cloud platforms, and managed IT services. Whether your company is purchasing software, migrating data to the cloud, engaging a cybersecurity consultant, or entering into a long-term managed services agreement, a careful IT contract review can have significant operational, […]
Non-disclosure agreements (NDAs) remain a critical tool for protecting sensitive business information. However, New York NDA requirements have evolved, and businesses must ensure these agreements are carefully drafted to remain enforceable. In a competitive market like New York City, NDAs are commonly used to protect proprietary information, client relationships, and strategic plans. At the same […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
