Understanding Cryptojacking and Preventing Cloud Fraud

Robyn Itule
Published in
5 min readSep 12, 2022


The riches of cryptojacking for cybercriminals can mean massive and unexpected cloud costs.

Situational Awareness: Crypto has been PWND

The first critical question to answer is: Why does the Technology Partner Ecosystem need to care about anything to do with cryptocurrencies?

And the oversimplified answer is: For cyber criminals, winning big in crypto comes down to pilfering computing resources to keep their overhead low. And those resources just might be the very ones you federate in the cloud for end users.

The potential result: Eye-popping cloud costs.

Follow the Money

In the first half of 2022, losses as a result of cryptocurrency hacks jumped almost 60% compared to the same period in 2021. A staggering $1.9 billion in assets were stolen from deregulated finance (DeFi) protocols and those funds are now very likely in the hands of bad actors — think sanctioned governments and enterprise-grade criminal organizations — around the globe.

Cryptocurrency hacks are not a small problem. Nor are they necessarily a new problem.

The players and the platforms change, but fraud endures.

From the dawn of time, there’s been fraud. Case in point, dating from around 300 B.C.E. there are records of a practice in Greece called “bottomry,” where sea merchants would secure loans to make repairs on their ships. The merchants — with drachma in hand — would take the money, sell the cargo, sink the ship and make like Pheidippides and run.

Deregulated Finance and the Blockchain are the newest landscape fraudsters are looking to exploit. Instead of heading out to sea, they’re headed to the cloud.

In this article, we’ll explore the meaning, the method and the motive behind cryptojacking and ways to defy DeFi fraudsters.

What is Cryptojacking?

Crypto is a pre-fix for an increasing glossary of terms:

· Cryptocurrency

· Cryptography

· Crypto hacking

· Crypto mining

· Crypto valuation

· Crypto wallet

Cryptojacking is another term worth understanding.

The Meaning

Cryptojacking is the unauthorized use of technology as a resource for the power-demanding requirements of crypto mining. Hackers target any systems they can take over. Once a hacker has accessed a system, they deploy cryptojacking code to work quietly in the background as a resource to mine cryptocurrency.

Reza Honarmand, senior vice president of global hyperscaler transformation at TD SYNNEX, describes it this way:

“Think of it as somebody taking a cable and connecting it to the electricity in your house and basically running a factory off the back of it. Then you get a bill for all the electricity consumption.”

The Method

Crypto mining is a legitimate process by which new cryptocurrency is released into circulation. This happens as miners solve complex computations. Once solved, miners are rewarded, and blocks of verified transactions are added to the blockchain.

The cryptocurrency ecosystem is designed for diminishing returns for miners. Mining gets harder and the rewards get smaller as more competition enters the ecosystem. This makes crypto mining an expensive endeavor because the miner with the most computational capacity and power has the competitive advantage. Scaling crypto mining operations is a pricey prospect and sophisticated fraudsters understand part of the reward equation is keeping overhead costs down.

The software solving mining computations demands an enormous amount of processing power and energy. A single Bitcoin transaction requires an estimated 1,449 kilowatt-hours to complete. This equates to roughly 50 days of power for the average US household.

The Motive

Illicit operations like cryptojacking are designed with surprisingly corporate objectives: reduce costs and increase efficiency to capture a greater share of the market. Power is precious and time is of the essence for cybercriminals to reap the most reward.

According to TD SYNNEX Director of Global Solutions Factory, Matt Hamilton cryptojacking is a high reward cloud fraud tactic, because it’s surreptitious and simple.

“It’s very easy to target someone’s cloud account. And it’s essentially an unlimited line of credit for hackers to steal and mine account credentials.”

It’s so easy that Google’s Cybersecurity Action Team determined 86 percent of compromised cloud accounts are specifically used for cryptojacking and crypto mining.

Because cryptojacking code works in the background, unsuspecting users may not notice significant changes in their systems. Some of the signs — slower performance, overheating — might be symptomatic of a number of issues. One thing that’s sure to get noticed — sky-rocketing cloud computing bills.

Hamilton puts it like this:

“Imagine being a business using $50 a month in cloud computing or applications and finding out your accounts are compromised by receiving a bill for hundreds of thousands or even millions of dollars.”

By the Numbers

The trends appear to correlate. Cloud computing is a rapid, ever-expanding universe.

· In 2020 alone more than 60 percent of businesses migrated workloads to the cloud in response to remote work plans driven by the COVID-19 pandemic.

· By the start of 2022, some assessments indicate as much as 60 percent of corporate data is run or stored in the cloud.

· IT spending forecasts predict close to two-thirds of application software spend will be aimed at cloud technologies by 2025.

This exponential growth — past, present and future — represents fertile ground for fraudsters.

But there is a silver lining to this dark cloud situation. You can mitigate it.

The Mitigation

Dealing with dynamic multi-cloud environments and vulnerabilities originating from a deregulated emerging technology means there is no silver bullet, no full-proof protection and no complete elimination of risk.

When it comes to threats like cloud fraud, being best-in-class is about increasing control, optimizing protections, reducing risk and staying informed.

Step 1: Turn on Multi-factor Authentication (MFA)

Hamilton advises activating MFA controls at the tenant and per-user level. These alerts can be an early warning to investigate for other signs of a cyber incident.

The configurations for MFA vary by provider and product. These can range from straightforward security defaults to conditional access recommendations with sophisticated technical steps and actions.

Hamilton also suggests seeking out technical expertise to avoid multi-factor migraines:

“You need to know what you’re doing to avoid locking yourself out of critical environments or creating unintended security gaps while configuring tenants.”

Step 2: Correct your posture

While cloud computing is a popular way for cybercriminals to activate cryptojacking schemes, there are other areas of vulnerability. A security assessment is always a good idea. Be sure your assessment covers:

· Endpoints

· Servers and network devices

· Cloud Infrastructure

For Reza Honarmand, good security posture is about good partnership.

“One thing every technology partner should realize is the entire IT ecosystem has to respond in real time. Everyone has a role to play in reducing risk when it comes to security and fraud.”

Step 3: Set clear boundaries

Manage and monitor costs in your cloud tenant with alerts, budget thresholds and notifications that apply to the entire subscription. Similar to MFA, these alerts an important tool to surface anomalies in an account earlier rather than later.

Limiting geographies as part of security configuration is another prevention approach. Implementing this strategy can prevent virtual machines from spinning up GPU idioms beyond a specified region can help contain out of control costs.

Straight to the Bulletpoint


· Make money mining

· Pilfer power

· Take over tenants

· Increase invoices

Your Call to Action:

· Activate alerts

· Strengthen security

· Prevention protocol

· Friction for fraudsters