Dubai: Cybercriminals are rapidly adding cryptojacking as a new avenue to increase its revenue stream and initiate attacks as the ransomware market becomes overpriced and overcrowded, an industry expert said.

Haider Pasha, chief technology officer for emerging markets at Symantec Middle East, told Gulf News that browser-based cryptocurrency mining, also known cryptojacking, is coming back to haunt websites and their visitors.

Last year, he said that coinmining gold rush resulted in an 8,500 per cent increase in detections of coinminers on endpoint computers during the final quarter of 2017.

According to Symantec’s 2018 Internet Security Threat Report (ISTR) report, the UAE is ranked as the third highest country for number of cryptominers in the Middle East and Africa (MEA) region (globally ranked 32nd) while Saudi Arabia is ranked first regionally (globally ranked 19th).

Globally, the US had the largest share of all cryptomining detections in 2017, followed by Japan and Germany.

Pasha said the bad guys are using coinmining malware to steal the processing power of users’ computers and cloud CPU usage to mine cryptocurrencies.

“The average ransom demand dropped to $522 last year, less than half the average of 2016. Even though the number of ransomware variants increased by 46 per cent last year, the number of ransomware families dropped, which suggest that they are innovating less and may have shifted their focus to new and higher value targets,” he said.

According to the report, the UAE was the sixth-most targeted country in MEA for ransomware attacks, down four spots from 2016. Saudi Arabia again experienced the highest number of ransomware detections in the region, maintaining its lead ranking in MEA.

Globally, UAE is ranked 41st with 0.30 per cent of ransomware attacks detected worldwide. Saudi Arabia stood at the 25th spot, with 0.61 per cent of global detections.

“The astronomical rise in cryptocurrency values last year inspired many cybercriminals to shift to coinmining as an alternative revenue source,” Pasha said.

Last year, he said, the most important was Coinhive, a script that was created for web browsers. When people start surfing vulnerable websites, the browsers start mining cryptocurrency — Monero — for the bad guys without the knowledge of the users.

“It is very easy to do,” he said, adding that the bad guys are not implanting a malware for every single host. To maximise revenue, the script is usually placed on high-traffic websites and “sticky” websites.

“All they have to do is infect a website. When users go on to the website, they get infected. When the script is applied to a company’s website, any time a user comes in, the HTML script automatically gets downloaded into users’ machines and automatically engages the CPU for cryptomining,” he explained.

Moreover, Pasha said that even smartphones have not been spared from cryptocurrency mining. Coinminers can slow down devices and overheat batteries, and in some cases, render devices unusable. But the biggest concern for enterprises is that there is a risk of shutting down of corporate networks and inflate cloud CPU usage.

He said that cryptocurrencies like Monero, Ethereum, Ethereum Classic and Dash can be mined using GPU (graphics processing unit) hardware found in many home computers while Monero and Verium Reserve can be more suited to CPU mining.

“Most of the UAE and Saudi Arabian people are tech-savvy and have more Internet of things (IoT) devices. These connected IoT devices are right targets for exploitation. The bad guys can target the IoT devices as well. Symantec has found 600 per cent increase in global IoT attacks last year. The UAE and Saudi Arabia represent the lion’s share of the IT hubs in the region,” Pasha said.

The Symantec report stated that there were 50,000 attacks in 2017 compared to 6,000 in 2016. Pasha sees an increase in cryptomining this year as ransomware is becoming a commodity.


Number of attacks originating from UAE decreases

Dubai: Symantec has seen an improvement in internet security threat profile with number of cybercrime attacks originating from the region decreasing.

According to Symantec’s latest Internet Security Threat Report (ISTR) report, UAE’s global ranking dropped from 51st in 2016 to 52nd in 2017.

In the Middle East and Africa region, UAE’s rank dropped to 9th in 2017 from 10th in 2016.

“Even though the region has seen lesser detections last year, it has increased in some other countries. In the UAE, threats are faced primarily from cryptominers, ransomware and malware,” said Haider Pasha, chief technology officer for emerging markets at Symantec Middle East.

— N.K.C.