Cryptojacking: Everything You Need to Know
#1 threat: Cryptojacking dethroning ransomware.
According to the Webroot Threat Research Team, cryptojacking accounted for 35% of all cyber attacks in the first 6 months of 2018. But just what is this new #1 threat?
What Is Cryptojacking?
Cryptojacking is a malicious form of cyber attack that hijacks your computer’s processing power to mine cryptocurrency without your knowledge. It can be carried out in two ways:
- The victim clicks on a malicious link, usually in an email, that downloads crypto mining code onto their computer;
Cryptocurrency mining is an essential part of Blockchain Technology. Massive amounts of computing power are required to perform the computations that verify the legitimacy of all transactions entered into the Blockchain database. As a reward for this effort, miners are paid in the mined cryptocurrency and the transaction fee.
Professional mining groups spend great amounts of money buying the correct gear to mine, not to mention having to pay for the huge amount of electricity needed to mine cryptocurrency. Hackers, however, have found a way to avoid these costs.
Hackers are increasingly turning to cryptojacking for an easy, almost risk-free payday. The victim is stuck with the electricity and wear and tear costs, while the hacker gets paid in cryptocurrency and the transaction fee.
Devices other than PCs can also be used for cryptojacking. Smartphones, IoT devices, servers, and network infrastructure can all be hijacked to mine cryptocurrency. In September, SophosLabs found 25 Android apps on the official Google Play Store that contain code to mine cryptocurrency in the background.
Why is Cryptojacking so bad?
On the surface, it may not seem so bad to have your device hijacked to mine cryptocurrency; you haven’t had any files or money stolen, so really, what is the problem?
The biggest problem is that you have been hacked. If your system has this type of malware on it, it’s highly likely that even more malicious programs are hiding on your computer, quietly collecting information and infecting all the systems they need to in order to do the most damage and make the most money.
Another problem with cryptojacking is that it steals your CPU processing resources. Even though some hackers run the program so that it uses as few resources as possible to remain undetected, your device is still working harder than it normally would. Heat from excessive CPU usage causes damage; it will reduce the lifespan of your device and its parts, and could even lead to CPU or cooling fan failures. Overheating can be especially dangerous for devices like smartphones and tablets.
The real threat from cryptojacking can be seen when organizations get targeted. If a system has many cryptojacked devices, you not only get the increased electricity costs, but also the cost of additional bandwidth, the loss of critical systems, and the time and money spent by IT support trying to figure out the reason behind performance issues and seemingly faulty equipment.
Why the massive increase?
In 2017, there was an 8,500% increase in cryptominer detections.
In 2018, instances of cryptojacking have increased more than 400% since 2017.
So what exactly is the reason for this sudden, massive increase?
At the end of 2017, cryptocurrency prices reached never-before-seen highs. At its peak, Bitcoin hit US$19,843. While this price jump would have seen many hackers jumping on the cryptojacking trend, the ease of earning and the greatly decreased risk of discovery would have led to this trend continuing despite the subsequent drop in cryptocurrency prices.
Several factors contribute to the desirability of cryptojacking:
- The greater level of anonymity offered by cryptocurrencies means hackers are far less likely to be discovered.
- There is no need to interact with your victim in order to get paid.
- There is no need for mules or money laundering.
- There is a greater chance to get paid. With ransomware, you may only receive payment from a small percentage of those infected; with cryptojacking, however, everyone you infect is making you money.
- It has great potential for long-term gains.
- Most importantly, hackers are making more money for less risk.
How to spot if you’ve been cryptojacked
Because hackers want to squeeze as much money out of their victims as possible, they ensure they remain undetected for as long as possible. The smart hackers are going to hide their mining processes or attempt to mask them as something legitimate. They’re also not going to overtax your system to the point that it draws attention to something being wrong.
However, these few things are often red flags for cryptojacking:
- Your PC runs slower.
- Your cooling fan runs more than normal.
- There is an unexplained spike in your electricity costs.
- There is a sudden increase in complaints within an organization regarding slow computer performance.
Another way to spot cryptojacking is to deploy a network monitoring system. By reviewing all of your web traffic, you have a greater chance of detecting a cryptojacking infection.
Make sure you monitor your own website. All too often websites are hijacked and used for mining without the website owner’s knowledge. Regularly check for any file changes on the web server, and for any changes made to your individual pages.
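One way to run that regular check, shown as an added example (not code from the original article): record a baseline of file hashes and of the external hosts each page loads scripts from, then compare it with the current state. The function names, the sample site and the host miner.example are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Heuristic match for <script src="..."> tags; not a full HTML parser.
SCRIPT_SRC = re.compile(r'<script\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)
PAGE_TYPES = {".html", ".htm", ".php"}

def snapshot(web_root):
    """Map each file's relative path to (sha256, external script hosts)."""
    root, snap = Path(web_root), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data, hosts = path.read_bytes(), set()
        if path.suffix.lower() in PAGE_TYPES:
            for src in SCRIPT_SRC.findall(data.decode("utf-8", "replace")):
                host = urlparse(src).netloc.lower()  # empty for local paths
                if host:
                    hosts.add(host)
        name = path.relative_to(root).as_posix()
        snap[name] = (hashlib.sha256(data).hexdigest(), hosts)
    return snap

def diff(baseline, current):
    """Report file changes and script hosts that were not in the baseline."""
    report = {"added": [], "modified": [], "removed": [], "new_script_hosts": {}}
    for name, (digest, hosts) in current.items():
        old_digest, old_hosts = baseline.get(name, (None, set()))
        if name not in baseline:
            report["added"].append(name)
        elif old_digest != digest:
            report["modified"].append(name)
        if hosts - old_hosts:
            report["new_script_hosts"][name] = sorted(hosts - old_hosts)
    report["removed"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed sample site: a page gains a third-party script tag."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "js").mkdir()
        (root / "js" / "app.js").write_text("console.log('ok');")
        (root / "index.html").write_text('<script src="/js/app.js"></script>')
        baseline = snapshot(root)
        (root / "index.html").write_text(
            '<script src="/js/app.js"></script>'
            '<script src="https://miner.example/m.js"></script>')
        (root / "js" / "stats.js").write_text("/* unexpected new file */")
        return diff(baseline, snapshot(root))
```

In practice the baseline would be stored off the web server, so that whoever alters the site cannot also rewrite the baseline.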
How to deal with cryptojacking
In-browser cryptojacking can be fairly easy to deal with by simply shutting down and blocking the website that was running the mining code.
Trying to remove cryptojacking programs from your computer can be a little bit trickier. While it can be relatively simple for system administrators to remove it by looking for certain patterns and protocols running in your network, this needs to be done cautiously. One particularly vicious program, WinstarNssmMiner, will crash the system and leave the user with a blue screen if you attempt to terminate it.
If your computer or network has been infected, make sure you find out how it happened, and take steps to ensure it isn’t going to happen again. Learn from it and use it to better educate your staff.
How to prevent cryptojacking
Prevention is better than cure.
Ensure you install security capable of detecting known cryptojacking programs before you become a victim. There are also anti-cryptomining extensions for your browser, like ‘NoCoin’ and ‘MinerBlock’, to block the in-browser cryptojacking.
Keep everything updated. Out-of-date programs are a prime target for hackers to enter your system and install cryptojacking code and whatever else they can get past your defenses. Keep your browser extensions up to date and delete any that are no longer being used.
One I cannot stress enough is to educate your employees about safe email practices. Unfortunately, the easiest way to hack into a company’s system is still through its employees. Include cryptojacking in your employee threat awareness training, and follow it up with refresher courses as often as practicable.
For a more detailed analysis of cryptojacking, I recommend reading ‘The Illicit Cryptocurrency Mining Threat’ from Cyber Threat Alliance.
Have you or someone you know been a victim of cryptojacking? What methods were used to deal with this malicious threat? Please let me know in the comments.