Cryptojacking or malicious crypto mining is a growing business threat. Unlike ransomware and other cyber threats, cryptojacking code hides on computers, mobile devices, and servers and surreptitiously uses a machine’s resources to “mine” cryptocurrencies. Most users don’t notice anything unless it severely slows down the computer’s processing speed.
While ransomware is designed to encrypt your valuable data in return for payment of an unlock code, cryptojacking leaves those assets untouched, as the motive is to profit by secretly mining cryptocurrency.
The business impact of cryptojacking code spreading throughout your entire network is additional CPU and memory usage on desktops, laptops, mobile devices, and servers, plus increased bandwidth usage on both LAN and WAN.
An Overview of Cryptomining
Processing secure cryptocurrency transactions is resource-intensive and relies on encrypted wallets and keys. Also, every time a cryptocurrency transaction occurs, the blockchain must be time-stamped and updated to verify the authenticity of the information.
As cryptocurrency transactions are computer resource-intensive, cryptocurrency providers encourage third parties (called crypto miners) to legitimately use their own hardware for the task. These miners earn a small commission for every transaction made on their own hardware running secure crypto mining software.
Hackers have found they can make easy money by stealing the computing resources from victims’ computers and using that power for the mining. This method is called cryptojacking, and we will cover this exploit next.
What Is Cryptojacking?
Cryptojacking is a malicious form of crypto mining. It is the unauthorised use of someone’s computer or mobile device as a host, exploiting its resources to mine cryptocurrency for profit.
The cryptojacking software aims to use just enough processing power of the infected host machine to mine the cryptocurrency without slowing that machine so much that the user suspects foul play.
Once the crypto mining code loads, it begins to work in the background while its victim continues to work on their device as usual. The only sign may be slower-than-normal performance or a slight latency issue.
How Does Cryptojacking Work?
Hackers have two ways in which they gain access to the victim’s computer to covertly mine cryptocurrencies. One method is to trick the victim into unknowingly loading crypto mining code onto their computer. The approach is very much like a phishing attack.
The victim receives what appears to be a legitimate email that encourages them to click a link. The malicious link runs code that delivers a crypto mining script to their device. Then, the script runs in the background as the victim continues to work.
For the second method, the hacker injects a script into an ad or downloadable tool and then delivers it to multiple websites. Once victims either visit the website to download a ‘free’ tool or receive an infected pop-up ad in their browsers, the script executes automatically.
Regardless of the method used, the code runs sophisticated mathematical algorithms on the victim’s computer for cryptocurrency transactions and sends the results to a server controlled by the hacker. Often the hacker uses both methods to maximise the return.
The business risk of cryptojacking is that most crypto mining scripts act as worms that infect other devices connected to the network. They are tricky to locate and remove, making them all the more advantageous for hackers. Finally, the crypto mining code may also include other tools to extract sensitive data from the host for future data theft and ransomware attacks.
Unlike typical malware, cryptojacking scripts do not damage computers or corrupt the victims’ data. What they steal are the CPU processing and memory resources of the device. When it involves only one or two users, the slower performance goes undiagnosed. However, if an organisation has multiple cryptojacked systems, it becomes a burden for IT teams to track and repair the infected systems.
Why Is Cryptojacking Popular?
While there is no definitive way to gauge how much cryptocurrency is mined by hackers through cryptojacking, Securus has found that the practice is common and shows no signs of slowing down.
This type of cybercrime doesn’t require a great deal of technical skill compared to other cybercrime attacks. In addition, cryptojacking remains popular with criminals because it means more money for less risk, perhaps giving it an edge over ransomware.
A ransomware attack may yield one significant payment for each attack, but cryptojacking continues to mine cryptocurrency until it’s discovered. This is incredibly profitable if the cryptojacking script can infect multiple machines on a business network.
There is also less risk of being caught because crypto mining code runs surreptitiously. It often runs for a long time before it’s detected. Even once found, it’s difficult to trace the attack to its source. Also, consider that the attacker’s victims haven’t lost any money or data of their own, so there’s little incentive to identify the source once discovered.
Is Cryptojacking On the Increase?
Cryptojacking is one of the most common online threats due to its ease of execution and has been on the rise since 2017. It promises to be one of the significant security threats in the coming years.
Cryptojackers continue to hone their skills and are hacking more powerful hardware. Recently a group of cybercriminals targeted a European water utility plant and cryptojacked their operational technology network, which affected the management and performance of the facility.
In addition to hacking larger operations with robust hardware, cryptojackers benefit from hacking devices on the network of a small business. Especially if security is lacking, the mining software can quickly spread undetected.
Identifying Cryptojacking on Your Network
For most businesses, detecting if systems have been compromised in a cryptojacking attack can be a challenge. Because crypto mining code evades detection, your IT team must remain vigilant in protecting your systems. The following are some effective methods that we have found that will aid you in detecting cryptojacking before it impacts your productivity.
One of the tell-tale signs of cryptojacking is a decrease in computing performance on any of your computing devices. This includes mobile devices as well as workstations. Encourage your staff to report instances of slow device performance immediately.
Memory and CPU Usage
Your IT team should monitor and analyse CPU and memory usage of all devices on the network and have threshold alerts set up. Staff can also be trained to check their equipment using the Task Manager or Activity Monitor.
Cryptojacking is resource-intensive, and the process often causes computing devices to overheat. Sometimes you may notice that the machine’s cooling fan is running longer than it should. Checking the CPU, memory, and running processes on any overheated devices can be extremely useful.
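One way to express such a threshold alert, as an added example that is not part of the original article: it separates a brief CPU spike from load that stays high, and also flags a machine that is throttled below the alert level but never returns to idle. The host names, readings, and the `high`, `floor` and `window` values are constructed assumptions to be tuned against your own baseline.

```python
# Constructed sample telemetry, one CPU reading (percent) per minute per host.
READINGS = {
    "ws-01": [12, 95, 18, 9, 14, 11, 10, 13],   # brief spike, then back to idle
    "ws-02": [88, 91, 86, 90, 93, 89, 87, 92],  # pinned high for the whole period
    "ws-03": [55, 58, 52, 57, 54, 56, 53, 55],  # throttled load that never drops
}


def longest_run(values, predicate):
    """Length of the longest run of consecutive readings matching predicate."""
    best = run = 0
    for value in values:
        run = run + 1 if predicate(value) else 0
        best = max(best, run)
    return best


def classify(readings, high=80, floor=40, window=5):
    """Return {host: reason} for hosts whose load is sustained, not a spike.

    high, floor and window are assumed values, not recommendations.
    """
    alerts = {}
    for host, cpu in readings.items():
        if longest_run(cpu, lambda v: v >= high) >= window:
            alerts[host] = "sustained-high"
        elif longest_run(cpu, lambda v: v >= floor) >= window:
            # Below the alert threshold, yet the machine never goes idle.
            alerts[host] = "never-idle"
    return alerts


if __name__ == "__main__":
    for host, reason in classify(READINGS).items():
        print(f"{host}: {reason}")
```

A host flagged this way still needs its running processes checked, since legitimate long-running jobs produce the same pattern.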
Changes to Your Website Files
Cybercriminals seek out websites in which they can embed crypto mining code. Be sure to install an anti-spam/anti-malware/anti-virus plugin to protect and monitor your organisation’s websites. Early detection is vital, as it can prevent those using your website from becoming infected.
Monitor Firewall Traffic
Have your IT team monitor firewall traffic and check the traffic logs for any unusual, encrypted traffic activity. Often, IT will detect this type of traffic from multiple laptops or desktops. When such traffic originates from those devices and is bound for the internet, you will likely find crypto mining code on those machines.
8 Tips for Businesses to Prevent Cryptojacking
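The log review described above can be scripted. The following is an added example, not part of the original article: it groups long-lived outbound sessions by destination and reports any destination reached by several internal machines. The CSV layout, the addresses (documentation ranges), the allowlist and the thresholds are all constructed assumptions; adapt the parsing to your firewall's real export format.

```python
import csv
import io
from collections import defaultdict

# Constructed firewall export. Assumed columns:
# src_ip, dst_ip, dst_port, duration_seconds, bytes_out
LOG = """\
10.0.1.21,203.0.113.50,443,14400,5200000
10.0.1.34,203.0.113.50,443,13900,4900000
10.0.1.57,203.0.113.50,443,15120,5100000
10.0.1.21,198.51.100.10,443,35,182000
10.0.1.34,198.51.100.10,443,42,96000
10.0.1.57,198.51.100.10,443,28,240000
10.0.1.88,192.0.2.77,443,16000,7000000
"""

# Hypothetical allowlist of destinations the business is known to use.
KNOWN_GOOD = {"198.51.100.10"}


def suspicious_destinations(log_text, min_hosts=3, min_duration_s=3600):
    """Map (dst_ip, dst_port) to the sorted internal hosts that held
    long-lived sessions to it, keeping destinations with min_hosts or more."""
    long_lived = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        src, dst, port, duration, _bytes_out = row
        if dst in KNOWN_GOOD:
            continue
        if int(duration) >= min_duration_s:
            long_lived[(dst, int(port))].add(src)
    return {
        dest: sorted(hosts)
        for dest, hosts in long_lived.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    for (dst, port), hosts in suspicious_destinations(LOG).items():
        print(f"{dst}:{port} <- {', '.join(hosts)}")
```

The machines listed for a flagged destination are the ones to check first for mining code.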
We have put together seven preventative measures that will help you and your IT team better protect your computers, network, and crypto-assets. If you find you need some assistance, Securus Communications are on hand to help.
1. Anti-Malware & Anti-Phishing
As malware is often used as the first step to infect target computers with malicious code for ransomware attacks, data theft and cryptojacking, your security software needs to help you identify and prevent these malicious scripts.
2. Anti-Crypto Mining Extensions & Endpoint Security
Often, cryptojacking scripts deploy in web browsers. Anti-crypto mining browser extensions are available, but ensure you use a trusted download site. Using a modern endpoint security solution is another way to stay one step ahead of the many cybersecurity challenges we face.
3. Use Ad-Blockers
Another common place where crypto mining scripts are embedded is within web ads. Thus, running ad blockers can protect your devices by detecting and blocking malicious crypto mining code and other threats.
4. Centrally Managed Security Software
Your business should use centrally managed security software that can check that all of your devices are running the latest security patches. BYOD devices can be a particular challenge. Also, using central security alerting is vital in the early identification of cyber threats.
6. Be Aware of Cyber Security News
Cybercriminals continuously modify code and come up with new ways to embed those updated scripts onto your computers. Keeping abreast of the latest news and trends can help your IT team detect cryptojacking on your network’s devices. Consider signing up for our Technology Newsletter.
7. Train Your IT Team
Security training for your IT team should include the most current methods for understanding and detecting cryptojacking and other forms of attack. This will allow them to quickly spot the first signs of an attack and immediately take the steps required.
8. Educate Your Employees
IT teams and employees must work together to protect network systems. As part of the regular cybersecurity training, educate your staff to let IT know when their computers are overheating or running slowly. Also, train all staff members on the perils of malware and phishing.
While cryptojacking doesn’t seem to be as threatening as ransomware and other forms of malware that paralyse your business operations, it can impact the performance of an entire network. If left undetected for too long, stolen resources can become just as damaging as stolen data.
In addition, cryptojacking software often has multiple intentions, such as data theft or gathering for future ransomware or other cyber attacks. Your staff and IT teams should be diligent in protecting against all types of cyber threats, including cryptojacking. Securus Communications offers consultancy and several security solutions to help protect your business in this modern age of cybercrime. Please get in touch to discuss your security requirements in more detail.