Magazine menu Close Magazine menu

Safer business

Cryptojacking could be costing your business and the Earth

In a world of high emissions and energy bills, illegal cryptocurrency mining is the last thing business needs. Act now to avoid being exploited.

Author

Maria Losyukova

Art by

Tanya Stovold

Published on

Jun 7, 2023

minute read

Share article

Art by

Tanya Stovold

Share article

cryptomining

As you read this, a cybercriminal could be stealing your business’s electricity and computer processing power. ‘Cryptojacking‘ means high energy bills for business and a big environmental impact everyone wants to avoid.

Cryptojacking is illegally using another’s devices for the power needed to mine cryptocurrencies like Bitcoin. The threat is already common and fast-growing, costing business billions worldwide and responsible for significant, unnecessary greenhouse gas emissions. So, what can you do to stop it?

How cryptojackers compromise your servers and devices

To use your processing power, cryptojackers must sneak mining malware into your systems. They may enter your equipment thanks to leaked login details, brute force or through unpatched vulnerabilities in your operating system and other software. They may also get crypto-mining malware in through USB flash drives or network storage. Once inside, it spreads in a worm-like way.

insight story smart grids

Related article

As bills rise, smart businesses are saving with smart energy tech

Two business leaders explain how they’re applying smart energy tech to save big on energy bills and reduce emissions.

  • Digital transformation
  • min read
    • Alongside emissions reduction goals, energy prices have hoisted reducing energy consumption to the top of business agendas. In the UK, between 2022 and 2023, electricity prices rose 67 percent and gas prices 129 percent. In the US, energy prices are up as much as 40 percent. It's no longer a case of, should businesses cut their energy use, but how? Many organizations are looking for technologies that can help them better control their power use and use more renewable energy. As I wrote in this primer on electricity's history, a shocking 13 percent of the world's population, mostly in sub-Saharan Africa, have no access to electricity. Could more business investment in renewables help to bridge the gap? Kaspersky's new podcast, Insight Story, unpacks emerging tech trends with global specialists and businesses successfully using the tech. Episode 2 looks at smart energy. I speak with Feroz Koor, Group Head of Sustainability at Woolworths Holdings. South Africa and Singapore-based Nilesh Jadhav, Founder and CEO of BtrLyf creators Qi Square, and former Programme Director, EcoCampus initiative, Nanyang Technological University. BtrLyf is an "AI-enabled assessment and marketplace platform to plan and achieve super-low energy, net zero and green certified buildings, quickly and at super-low costs." It creates 'digital twins' that let businesses model a range of energy conservation measures to find out what will work best.  Slashing grocery energy bills Woolworths has some 1,400 stores in Sub-Saharan Africa, Australia and New Zealand selling groceries, clothing, homeware and more. "Retail food businesses have a large energy footprint," says Feroz. Sustainability data science experts ESource says energy costs make up around 15 percent of food retail overheads. Feroz's company opted for smart tech to become more energy-efficient. "We've sub-metered all our stores with smart meters. There are different meters for lighting, refrigeration and air conditioning for example, so we can see what's driving consumption." The tech isn't cheap but paid for itself fast. Feroz recounts a huge discovery: "After metering one store in a new shopping center, we found we were being billed for other stores' electricity – the meters paid for themselves on the first day by proving it. We often use smart meter data to challenge incorrect billing – you'd be surprised how common it is." Meanwhile, the meters helped identify small changes that could save a lot of power. From smarter stores to smarter buildings Nilesh Jadhav, Founder of Qi Square who created BtrLyf, says, "Our customers want to improve their energy efficiency and reduce reliance on imported energy. Our platform makes the data available. So far, we've made digital models of 20,000 buildings in Singapore." Modeling their buildings gives businesses an approachable window on a daunting task. "If businesses can do an initial assessment of how they could save energy today, then how they could go to net zero [greenhouse gas emissions,] they can see the bigger picture." Woolworths is approaching a similarly daunting task – to use 100 percent sustainable energy by 2030. Feroz says, "We've made the commitment because it's the right thing to do, but we've got our work cut out for us. We have several options, like self-generation at shopping center level or sourcing from independent bulk producers. We're looking at wheeling, where you buy energy from a producer who then 'wheels' it through a distribution network. " From smarter buildings to smarter energy grids Increasingly nations and energy companies are making electricity smarter at grid level, aiming to reduce emissions and improve energy security. Smart grids can detect and react to customer use patterns, empower consumers to be more energy efficient and encourage renewable energy production by buying excess. All this can maximize renewable energy use and minimize the use of fossil fuel to generate electricity. Nilesh continues, "Microgrids take it to a system level using central energy management software and batteries to manage fluctuations." Smart grids also enable a market that incentivizes renewable energy production. Nilesh says, "If you can't put solar panels on your roof but your neighbor can, you could make a power purchase agreement (PPA). Singapore also has a market for renewable energy credits: You can buy these credits instead of buying electricity directly. If I want renewable energy but can't pay upfront for solar panels, buying renewable energy credits encourages third parties to invest, then sell the power." Securing smarter energy solutions Fabio Assolini, Head of Kaspersky Global Research and Analysis Team for Latin America, advises companies and nations to approach smart energy tech with due caution. "We've seen destructive attacks on civilian energy infrastructure – not just power grids, but their systems too." Fabio says over the years, these kinds of attacks are increasing. In 2021, a ransomware attack shut down a major US fuel pipeline. The same year, IBM reported energy was the third most attacked sector. Kaspersky threat predictions for 2023 foresee hacker groups carrying out high-profile cyberattacks on civilian infrastructure – such as energy grids and public broadcasting – using advanced persistent threats (APTs.) Critical infrastructure makes an attractive target for cybercriminals because of how much disruption successful attacks cause. Fabio suggests businesses pay attention to the security of their in-house energy infrastructure, as it may be particularly vulnerable. "Corporate and personal power grids are not as well protected as national infrastructure. They're often connected to the internet using older, more vulnerable hardware, and software not readily updated. Do a full security audit before launching a microgrid or smart grid." The future of smart energy for business Nilesh sees smart energy tech evolving through user participation. "On the tech side, I hope it'll go the same way as the smartphone: More resources for companies and innovators to make applications that sit on a central platform. Users could then adopt energy management tech faster. Over time, you'll see more participation from consumers." On the energy side, he thinks peer-to-peer energy sales are the future. "More people will be 'prosumers:' Consuming and producing energy and being paid for excess. Everyone will have better energy-buying options." Feroz has simple advice for businesses wanting to reduce their energy footprint. "Start now. The sooner you start doing something, whether it's just understanding your footprint or what your needs are, the better." Listen to the full Insight Story audio series on Podbean or your usual podcast provider.

What cryptojacking costs business

We’ve all seen news reports of falling cryptocurrency values, but it’s still worthwhile for cybercriminals to mine cryptocurrency if they get electricity and processing power for free. But it takes a lot of electricity and processing power to make little gain – a hefty 53 US dollars of system resources for 1 US dollar in crypto earnings.

And it’s common. In 2022, Kaspersky research found cryptojacking accounted for more than 5 percent of attacks on internet-connected computers. In the same year, Kaspersky software detected nearly 30 million cryptojacking attempts aimed at business systems.

Environmental impact of cryptojacking

Its sky-high energy use should make preventing cryptojacking part of your corporate social responsibility (CSR) strategy.

By foiling cryptojacking attempts, Kaspersky’s software prevented up to 3,000 tons of carbon being emitted in a year – equivalent to more than 650 cars.

What to ask your IT director about

While cryptojacking’s high computational power requirements reduce device performance, the reduction isn’t always obvious to users, so preventing cryptojacking requires work on multiple fronts.

IT should regularly audit the corporate network looking for anomalies across every endpoint, including easily overlooked queue management systems, point-of-sale terminals and vending machines, which cryptojackers have been known to target.

Your business should use proven endpoint security that gives multi-level, comprehensive protection, including behavioral detection that can roll back  malicious actions. Cybersecurity education for all employees (not just IT) is paramount, making sure staff follow best practice so they don’t unwittingly give away system access.

Cryptojacking is a damaging and wasteful threat leading to unnecessary greenhouse gas emissions and high electricity bills for businesses already challenged by high energy costs. With widespread staff cybersecurity education and the right solutions protecting your business, cybercriminals won’t be able to exploit your precious processing power.

Keywords

Endpoint security for enterprise

Protect your endpoints against cryptojacking and other attacks targeting larger businesses and organizations.

See solution

About authors

Maria Losyukova

Maria Losyukova oversees sustainability and related projects at Kaspersky. She leads ecology initiatives through to volunteering efforts, including joint projects with non-governmental organizations around the world and environmental, social and governance (ESG) reporting. Maria also has a second rewarding but more stressful job - raising two girls.

More articles by Maria

Suggested articles

by Innovating leaders.
Innovative tech.
About Secure Futures

Secure Futures magazine is your go-to business guide for opinions, trends and insight into the world of technology and cybersecurity. We help your business to bring on the future. Brought to you by Kaspersky, the global cybersecurity experts.

  • For all other countries