One recent threat report on South-east Asia’s small- and medium-sized enterprises reveals the number one lurking threat.

We often hear of high-profile ransomware attacks and data exfiltration hacks, but one cybersecurity firm’s client base has seen more attempted cryptomining hacks than all phishing and ransomware incidents combined.

In South-east Asia (SEA), Kaspersky blocked 8,926,117 cryptomining attempts last year, while blocked phishing and ransomware attacks numbered 2,890,825 and 804,513 respectively. The cryptomining incidents in 2019 were even higher, at 13,247,796 detections.

Unlike ransomware attacks, which tend to be more frightening and need to be mitigated quickly, cryptominers are stealthier: the longer they remain undetected, the greater the long-term profits to hackers.

Some tell-tale signs that personal devices are being used illegally by cryptominers include system response slowing down due to the workload strain; an increase in power consumption causing the battery to deplete at a faster pace or electricity bills skyrocketing; and unexplained significant data usage. 

According to the firm’s Malware Analyst Team Lead, Evgeny Lopatin: “We have seen a decrease in miner attacks around the world and the same trend applies to SEA, too. The main factor behind the decreasing number of attacks had been the declining cost of cryptocurrencies until recently.” 

In the region, most of the cryptomining attempts monitored by Kaspersky were observed in Indonesia and Vietnam for two consecutive years, accounting for almost 71% in 2020 and 80% in 2019 of all attempted incidents in SEA. Also, according to the firm’s General Manager Yeo Siang Tiong, small- and medium-sized enterprises (SMEs) are less vigilant about cryptomining attacks: “Cybercriminals have long realized that infecting servers is more profitable than mining on home users’ computers so SMEs should take this silent threat seriously.”

So, if business owners and staff are working remotely, yet the office power bill grows unusually high, check the IT backend. There may be a cryptominer lurking within.