Mining for Virtual Gold: Understanding the Threat of Cryptojacking
Cyber criminals have mastered a new way to attack businesses: through cryptojacking, one of the fastest growing types of cyber-attacks, criminals can siphon an organisation’s computing power to mine cryptocurrency, opening the door to new sources of illicit revenue at the company’s expense.
What is Cryptojacking?
Thousands of cryptocurrencies or “coins” exist today – some, such as Bitcoin, serve as a digital currency with considerable monetary value. Creating certain cryptocurrencies requires the completion of a complex cryptographic puzzle, a process known as cryptomining. A growing number of miners are now simply stealing or “hijacking” the necessary computing power to complete those puzzles from unsuspecting consumers and businesses.
What is the Risk?
Some companies represent particularly strong targets for cryptojacking. These include critical infrastructure companies who consume significant amounts of power; companies that rely heavily on cloud services; and users of Internet of Things devices, which allow miners to quickly amass armies of hijacked devices to mine cryptocurrency at scale.
Cryptojacking can impair performance of infected computer systems, leading to sluggish or crashing computers or overheating of central processing units. And, over time, this can have real financial consequences, as businesses incur costs for higher energy consumption or cloud usage; sooner-than-planned hardware replacement; or additional IT support to address system performance issues. Companies that transfer cryptomining software to unsuspecting third parties have also become the subject of litigation and regulatory scrutiny.
Can Cyber Insurance Help?
Cyber insurance may cover cryptojacking-related losses, such as control system disruption or loss of sensitive information. Cyber insurance may also help cover costs for investigations of cryptojacking events and forensic accounting services for claims preparation.
Whether cyber insurance responds will depend upon the specific policy terms and conditions. Marsh can help our clients review cyber insurance coverage provisions to determine policy response to cryptojacking losses, and to ensure that policies include appropriate claim triggers and loss definitions to capture all possible scenarios.