Cryptojacking: Can Your Business Avoid It?

Cryptojacking or malicious crypto mining is a growing business threat. Unlike ransomware and other cyber threats, cryptojacking code hides on computers, mobile devices, and servers and surreptitiously uses a machine’s resources to “mine” cryptocurrencies. Most users don’t notice anything unless it severely slows down the computer’s processing speed.

While ransomware is designed to encrypt your valuable data in return for payment of an unlock code, cryptojacking leaves those assets as the motive is to profit through secretly mining cryptocurrency.

The business impact of cryptojacking code spreading throughout your entire network is additional CPU and memory usage on desktops, laptops, mobile devices, servers, plus increased bandwidth usage on both LAN and WAN.

An Overview of Cryptomining

The actual process of secure cryptocurrency transactions is a resource-intensive process using encrypted wallets and keys. Also, every time a cryptocurrency transaction occurs, the blockchain must be time-stamped and updated to verify the authenticity of the information.

As cryptocurrency transactions are computer resource-intensive, cryptocurrency providers encourage 3rd parties (called crypto miners) to legitimately use their own hardware for the task. These miners earn a small commission for every transaction made on their own hardware running secure crypto mining software.

Hackers have found they can make easy money by stealing the computing resources from victims computers and using that power for the mining. This method is called cryptojacking, and we will cover this exploit next.

What Is Cryptojacking?

Cryptojacking is a malicious form of crypto mining. It is the unauthorised use of someone’s computer or mobile device as a host to then exploit its resources to mine cryptocurrency for profit.

The cryptojacking software aims to use just enough processing power of the infected host machine to mine the cryptocurrency without slowing that machine too much that the user suspects foul play.

Through several underhand techniques (especially phishing), a hacker tricks a victim into clicking on a malicious link in an email that installs crypto mining code on the target computer or mobile device. Alternately, the hacker infects a website or digital tool with JavaScript code that then executes once it is loaded in the victim’s browser.

Once the crypto mining code loads, it begins to work in the background while its victim continues to work on their device as usual. The only sign may be slower-than-normal performance or a slight latency issue.

How Does Cryptojacking Work?

Hackers have two ways in which they gain access to the victim’s computer to covertly mine cryptocurrencies. One method is to trick the victim into unknowingly load crypto mining code onto their computer. The approach is very much like a phishing attack. 

The victim receives what appears to be a legitimate email that encourages them to click a link. The malicious link runs code that delivers a crypto mining script to their device. Then, the script runs in the background as the victim continues to work.

For the second method, the hacker injects a script into an ad or downloadable tool and then delivers it to multiple websites. Once victims either visit the website to download a ‘free’ tool or receives an infected pop-up ad in their browsers, the script executes automatically. 

Regardless of the method used, the code runs sophisticated mathematical algorithms on the victim’s computer for cryptocurrency transactions and sends the results to a server controlled by the hacker. Often the hacker uses both methods to maximise the return. 

The business risk of cryptojacking is that most crypto mining scripts act as worms that infect other devices connected to the network. They are tricky to locate and remove, making them all the more advantageous for hackers. Finally, the crypto mining code may also include other tools to extract sensitive data from the host for future data theft and ransomware attacks.

Unlike typical malware, cryptojacking scripts do not damage computers or corrupt the victims’ data. What they steal are the CPU processing and memory resources of the device. When it involves only one or two users, the slower performance goes undiagnosed. However, if an organisation has multiple cryptojacked systems, it becomes a burden for IT teams to track and repair the infected systems.

Why Is Cryptojacking Popular?

While there is no definitive way to gauge how much cryptocurrency is mined by hackers through cryptojacking, Securus has found that the practice is common and shows no signs of slowing down. 

This type of cybercrime doesn’t require a great deal of technical skill compared to other cybercrime attacks. In addition, cryptojacking remains popular with criminals because it means more money for less risk, perhaps giving it an edge over ransomware. 

A ransomware attack may yield one significant payment for each attack, but cryptojacking continues to mine cryptocurrency until it’s discovered. This is incredibly profitable if the cryptojacking script can infect multiple machines on a business network.

There is also less risk of being caught because crypto mining code runs surreptitiously. It often runs for a long time before it’s detected. Even once found, it’s difficult to trace the attack to its source. Also, consider that the attacker’s victims haven’t lost any money or data of their own, so there’s little incentive to identify the source once discovered.

Is Cryptojacking On the Increase?

Cryptojacking is one of the most common online threats due to its ease of execution and has been on the rise since 2017. It promises to be one of the significant security threats in the coming years.

Cryptojackers continue to hone their skills and are hacking more powerful hardware. Recently a group of cybercriminals targeted a European water utility plant and cryptojacked their operational technology network, which affected the management and performance of the facility. (source)

In addition to hacking larger operations with robust hardware, cryptojackers benefit from hacking devices on the network of a small business. Especially if security is lacking, the mining software can quickly spread undetected.

Identifying Cryptojacking on Your Network

For most businesses, detecting if systems have been compromised in a cryptojacking attack can be a challenge. Because crypto mining code evades detection, your IT team must remain vigilant in protecting your systems. The following are some effective methods that we have found that will aid you in detecting cryptojacking before it impacts your productivity.

Decreased Performance

One of the tell-tale signs of cryptojacking is a decrease in computing performance on any of your computing devices. This includes mobile devices as well as workstations. Encourage your staff to report instances of slow device performance immediately.

Memory and CPU Usage

Your IT team should monitor and analyse CPU and memory usage of all devices on the network and have threshold alerts set up. Staff can also be trained to check their equipment using the Task Manager or Activity Monitor.

Overheating

Cryptojacking is resource-intensive, and the process often causes computing devices to overheat. Sometimes you may notice that the machine’s cooling fan is running longer than it should. Checking the CPU, memory, and running processes on any overheated devices can be extremely useful.

Changes to Your Website Files

Cybercriminals seek out websites in which they can embed crypto mining code. Be sure to install an anti-spam/anti-malware/anti-virus plugin to protect and monitor your organisation’s websites. Early detection is vital, as it can prevent those using your website from becoming infected.

Monitor Firewall Traffic

Have your IT team monitor firewall traffic and check the traffic logs for any unusual, encrypted traffic activity. Often, IT will detect this type of traffic from multiple laptops or desktops. When coming from those devices and going out to the internet, you will likely find crypto mining code on those machines.

8 Tips for Business To Preventing Cryptojacking

We have put together seven preventative measures that will help you and your IT team better protect your computers, network, and crypto-assets. If you find you need some assistance, Securus Communications are on hand to help.

1. Anti Malware & Anti Phishing

As malware is often used as the first step to infect target computers with malicious code for ransomware attacks, data theft and cryptojacking, your security software needs to help you identify and prevent these malicious scripts.

2. Anti-Crypto Mining Extensions & Endpoint Security

Often, cryptojacking scripts deploy in web browsers. Anti-crypto mining browser extensions are available but ensure you use a trusted download site. Using a modern endpoint security solution is another way to stay one step ahead of the many cybersecurity challenges we face.

3. Use Ad-Blockers

Another common place where crypto mining scripts are embedded is within web ads. Thus, running ad blockers can protect your devices by detecting and blocking malicious crypto mining code and other threats.

4. Centrally Managed Security Software

Your business should use centrally managed security software that can check that all of your devices are running the latest security patches. BOYD devices can be a particular challenge. Also, using central security alerting is vital in the early identification of cyber threats.

5. Disable JavaScript

When browsing online, disable JavaScript to prevent cryptojacking code from infecting your machine. The downside here is that disabling JavaScript also blocks some of the functions you need to browse.

6. Be Aware of Cyber Security News

Cybercriminals continuously modify code and come up with new ways to embed those updated scripts onto your computers. Keeping abreast of the latest news and trends can help your IT team detect cryptojacking on your network’s devices. Consider signing up for our Technology Newsletter.

7. Train Your IT Team

Security training for your IT team should include the most current methods for understanding and detecting cryptojacking and other forms of attack. This will allow them to quickly spot the first signs of an attack and immediately take the steps required.

8. Educate Your Employees

IT teams and employees must work together to protect network systems. As part of the regular cybersecurity training, educate your staff to let IT know when their computers are overheating or running slowly. Also, train all staff members on the perils of malware and phishing.

Conclusion

While cryptojacking doesn’t seem to be as threatening as ransomware and other forms of malware that paralyses your business operations, it can impact the performance of an entire network. If left undetected for too long, stolen resources can become just as damaging as stolen data.

In addition, cryptojacking software often has multiple intentions, such as data theft or gathering for future ransomware or other cyber attacks. Your staff and IT teams should be diligent in protecting against all types of cyber threats, including cryptojacking. Securus Communications offers consultancy and several security solutions to help protect your business in this modern age of cybercrime. Please get in touch to discuss your security requirements in more detail.

Further Technology Articles