Businesses Are Increasingly Falling Victim to a New Cyber Scheme Known as Cryptojacking…
Businesses around the world are increasingly falling victim to cryptojacking – a new cyber scheme where criminals hijack central processing unit (CPU) power from unsuspecting computer users to mine cryptocurrencies. The rapid evolution of cyber threats highlights the importance of regularly updating your company’s cybersecurity and data protection protocols.
Cryptojacking is the latest scheme involving malware spread via fake online advertisements. When a user clicks on the ad, it executes malicious code that allows the attackers to mine cryptocurrency via the user’s browser. More sophisticated attacks can infiltrate vulnerable systems that simply display the illegitimate ad without any involvement by the user.
Some websites allow browser-based cryptomining as a means of generating income. Unlike cybercriminals, legitimate websites use a small percentage of the computer’s resources to run mining code in the background, but only if visitors provide consent. Conversely, hackers use far more aggressive techniques and circumvent security features to remain undetected for as long as possible.
Earlier this year, cryptojacking surpassed ransomware as the number one type of attack on the internet, according to Akouto. The Canadian cybersecurity firm’s servers tracked a 3,500 percent spike in attempted intrusions in March of 2018.
“March was an incredibly active month for the combined malvertising-cryptojacking attack,” said Akouto founder Dominic Chorafakis. “Starting on March 7th, our central monitoring servers recorded a spike in attacks being blocked by managed Intrusion Prevention systems on customer networks,” Chorafakis continued. “The attempts were detected at virtually every site at a rate that was 3500% higher than the months prior. Reports in April showed a decrease in activity but still averaged 700% higher than the first two months of 2018.”
While cybercriminals may not steal data, cryptojacking can result in a loss of productivity for business because it slows systems, makes them use more energy, and may even render them unresponsive. Devices infected with the malware may also suffer from an increase in application crashes and may stop working completely.
Cyber Vigilance Is Essential
Staying on top of cyber threats is increasingly important, as both regulators and customers are holding companies more accountable for lapses in security. In New York, the Department of Financial Services continues to roll out its cybersecurity regulations.
As discussed in greater detail in prior articles, the regulations require that financial service companies “establish and maintain a cybersecurity program designed to ensure the confidentiality, integrity and availability of the Covered Entity’s Information Systems.” The cybersecurity requirements further mandate that covered entities implement cybersecurity policies that are tailored to their unique risks and needs.
Of particular note, entities subject to the DFS regulations must appoint a chief information security officer to implement and enforce the policies. Other requirements under the regulation include: adopting policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third-parties; requiring multi-factor authentication for individuals accessing internal systems who have privileged access or to support functions including remote access; drafting an incident response plan to recover from any cybersecurity event; and conducting annual penetration testing and vulnerability assessments. This February, new annual certification requirements took effect under which a board member or senior officer at all regulated entities must certify annually that the company is in compliance with the DFS cybersecurity requirements.
In New Jersey, Attorney General Gurbir S. Grewal recently announced the creation of a new civil enforcement unit, known as the Data Privacy & Cybersecurity (DPC) Section. The new DPC Section will be housed within the Division of Law’s Affirmative Civil Enforcement Practice Group and will be tasked with enforcing laws that protect New Jersey residents’ data privacy and cybersecurity by bringing affirmative civil actions against violators. Among other priorities, the DPC Section will assume responsibility for the Office’s ongoing investigation into Facebook’s transfer of personal information to Cambridge Analytica. According to Facebook, approximately 1.6 million users in New Jersey were impacted.
In addition to enhanced regulatory scrutiny, businesses also face increased reputational harm in the wake of a cyberattack. Customers now expect companies to have robust data security procedures in place and assign blame when they fall short. Given the risks, businesses should consider taking steps to mitigate the risk of cryptojacking, such as reviewing software patch policies, analyzing website security, and implementing security programs that can block access to crypto mining scripts.
Failing to Comply With NJ Rent Control Exemption May Prove Costly
What Developers Need to Know About New Jersey’s Rent Control Exemption Law to Ensure Entitlement to Exemption for Newly Constructed Multi-family Housing. A property owner in Jersey City is facing a $400 million federal class action lawsuit alleging that the landlord did not follow the procedural steps required to be eligible for exemption from local […]
Crypto Securities Law: When Tokens Become Investment Contracts
The application of traditional federal securities laws to crypto assets continues to evolve. In some cases, the Securities and Exchange Commission (SEC) considers tokens and other digital assets to be securities. This makes them subject to federal securities law, including the Securities Act of 1933 and the Securities Exchange Act of 1934. This classification has […]
The Due Diligence Process for NY Condominiums and Cooperatives
While the New York City real estate market can be extremely competitive, moving too quickly often backfires. Before purchasing a condominium or cooperative in New York City, it is important to do you homework. Purchasing property in NYC can involve a dizzying number of legal issues. These include condo and co-op rules, rent restrictions, and […]
Smart Contract Legal Issues: Drafting Agreements for Blockchain
Smart contracts feature a unique blend of legal agreement and technical code. This innovation has the potential to reshape how business is conducted. At the same time, smart contract legal issues around enforceability, jurisdiction, identity, and compliance are common. The legal framework for these self-executing agreements is still evolving. What Are Smart Contracts? Smart contracts, […]
Are Stay Interviews the Key to Retaining Top Talent?
Retaining top talent continues to be one of the greatest challenges facing employers today. Even in an employer’s market, the loss of a key employee can disrupt operations and result in significant costs. While compensation plays a role, long-term retention often depends on workplace culture, communication, and employee engagement. One increasingly popular strategy for improving […]
Secured transactions form the backbone of a wide range of business dealings, including business loans, mortgages, and inventory financing. Because the stakes are often high and relatively minor oversights can have drastic consequences, lenders and borrowers should thoroughly understand how to form an enforceable security agreement that protects their legal rights. What Is a Secured […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
