Cyberthreats are not only on the rise, they are changing in their targets and scope. With every advancement in cybersecurity, a new form of cyberattack surfaces, affecting both individuals and companies. In the last couple of years, digital currencies such as Bitcoin surged in value. As cryptocurrencies became a hot investment, cyberattackers found a way to cash in on it in the form of cryptojacking. The attacks seemed to lessen as cryptocurrencies lost their luster and fell in value in 2018. But with Bitcoin recently rebounding to hit its highest point in a year, it is no surprise cryptojackers are again ramping up their attacks.
What is cryptojacking?
Cryptojacking is a form of cyberattack in which hackers use remote computer systems to mine cryptocurrency. Attackers do this with ransomware-like tactics, poisoning websites with malicious content that loads cryptomining code on the victim’s systems. Recent cryptojacking attacks showed that websites can also be infected through online ads containing malicious scripts that auto-execute once loaded in the browser.
For the uninitiated, cryptomining is one of the growing means of earning money. The practice needs huge processing power and system resources. Attackers therefore use other people’s systems without authorization to mine for profit. The cryptomining code executes in the background of the affected systems without the user’s knowledge, with the only sign being reduced system performance.
How does it work?
Cybercriminals can use any traditional means of cyberattack to cryptojack systems. However, two methods are the most common for secretly using victims’ computers and processing power to mine cryptocurrencies. One way is to deliver the malicious payload using traditional phishing tactics. In this method, attackers send legitimate-looking emails to multiple users. When a user clicks on the link present in these emails, the code designed to mine for cryptocurrencies is transferred to the user’s system.
The other most commonly used method for cryptojacking, one that is being used on a larger scale, is to develop malicious browser plugins or ads and deliver them onto multiple websites. Whenever one of these infected ads or pop-ups of a website loads in a system’s browser, that system is then enslaved by the attackers for cryptomining.
Irrespective of the method, the malicious script residing in the victim’s computer runs in the background without the user’s knowledge. The code runs all the complex mathematical operations needed to perform the mining, and the extracted results are sent to a server managed by the attackers. Unlike most other cyberthreats, cryptojacking scripts do not damage, steal, or corrupt the user’s data or the systems. However, they do steal and consume a considerable portion of the CPU’s resources to perform the cryptomining.
Cryptojacking: On the rise
Even though most cryptocurrencies, including Bitcoin, are down from their all-time highs, there still is a huge potential to earn money through cryptocurrency mining. With the increasing usage of cryptocurrencies, the need to mine increases, which provides a reason for the hackers to cryptojack systems.
Although no one knows how many cryptocurrencies were mined through cryptojacking, reports suggest that the practice is still rampant. As per a recent report from Adguard, there is over a 31 percent increase in in-browser cryptojacking. The report also found that over 33,000 websites globally are running malicious cryptomining scripts. Combined, these websites have over a billion users on a monthly basis, users who could get ensnared by cryptojacking malware.
There are multiple forms of cryptojacking scripts that are in use today. Coinhive and CryptoLoot are some of the most widely used cryptojacking malware.
Preventing and detecting cryptojacking
Despite the best efforts in securing systems, any company or individual can be victimized by cryptojacking. What makes it worse is that cryptojacking is very difficult to detect.
Most antivirus products and firewalls scan and search for malware using signature-based detection mechanisms. Cryptojacking scripts, on the other hand, do not lend themselves to a signature-based approach, making them even more difficult to detect.
On top of securing every possible endpoint in the company, proper training for employees is essential to detect the signs of cryptojacking. An unforeseen drop in system performance should be the first sign for further analysis. Overheating of systems is also a common symptom of a system affected by cryptojacking scripts.
Deploying a network monitoring solution to monitor and analyze network performance and resource utilization can be a very effective step to detect cryptojacking. Having a common system resource monitor can also help companies analyze the use of system resources and can help in detecting the signs of cryptojacking.
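The resource-monitoring check described above can be sketched as follows. This is an added example, not code from the original article: it flags processes whose CPU use stays above a threshold for a sustained period, which separates a miner pegging the CPU from a short legitimate burst. The host names, process names, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict

def build_samples():
    """Constructed telemetry: (epoch_seconds, host, process, cpu_percent), one row per minute."""
    rows = []
    for minute in range(15):
        t = minute * 60
        rows.append((t, "ws-014", "browser", 94.0))   # pegged for the whole window
        rows.append((t, "ws-014", "mail", 3.0))       # idle background process
        # Short legitimate burst: three minutes of a build, then idle.
        rows.append((t, "ws-022", "compiler", 97.0 if minute < 3 else 4.0))
    return rows

def sustained_cpu(samples, threshold=80.0, min_seconds=600, max_gap=120):
    """Return {(host, process): longest_run_seconds} for runs at or above
    `threshold` lasting at least `min_seconds`. A gap between samples longer
    than `max_gap` ends the run, so missing telemetry is not counted as load."""
    series = defaultdict(list)
    for ts, host, proc, cpu in samples:
        series[(host, proc)].append((ts, cpu))

    flagged = {}
    for key, points in series.items():
        points.sort()
        start = prev = None
        longest = 0
        for ts, cpu in points:
            contiguous = prev is not None and ts - prev <= max_gap
            if cpu >= threshold:
                if start is None or not contiguous:
                    start = ts                      # a new high-CPU run begins here
                longest = max(longest, ts - start)
            else:
                start = None                        # run broken by a low sample
            prev = ts
        if longest >= min_seconds:
            flagged[key] = longest
    return flagged

if __name__ == "__main__":
    for (host, proc), secs in sustained_cpu(build_samples()).items():
        print(f"{host} {proc}: above threshold for {secs}s")
```

A flagged process is a lead for further analysis, not a verdict: video encoding or a long build produces the same pattern, so the next step is to look at what the process is running and where it connects.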
Using the latest web filtering tools, deploying endpoint protection capable of preventing and detecting cryptojacking scripts, and running a strong ad-blocker or script blocker on the browsers used by the company can also help defend against cryptojacking.
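As an added illustration of what a script blocker or web filter does (this is not code from the original article), the sketch below extracts the script and iframe sources from a page and checks them against a blocklist. The blocked host `miner.example`, the sample page and all URLs in it are constructed placeholders; the keywords are the two miner families named earlier in the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed blocklist for illustration only: the host is a constructed placeholder.
BLOCKED_HOSTS = {"miner.example"}
BLOCKED_KEYWORDS = ("coinhive", "cryptoloot")

# Constructed sample page.
SAMPLE_PAGE = """
<html><body>
<script src="https://static.shop.example/app.js"></script>
<script src="//cdn.miner.example/w.js"></script>
<script src="https://notminer.example/lib.js"></script>
<iframe src="https://ads.example/slot/coinhive.min.js"></iframe>
</body></html>
"""

class SourceCollector(HTMLParser):
    """Collects the src attribute of every <script> and <iframe> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def host_blocked(host):
    """Match the host itself or any subdomain, never a bare substring,
    so notminer.example is not confused with miner.example."""
    host = host.lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

def scan_page(html):
    """Return a list of (src, reason) for sources that hit the blocklist."""
    collector = SourceCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        parsed = urlparse(src)          # also handles scheme-relative //host/path
        if host_blocked(parsed.hostname or ""):
            findings.append((src, "blocked host"))
        elif any(k in parsed.path.lower() for k in BLOCKED_KEYWORDS):
            findings.append((src, "miner keyword in path"))
    return findings

if __name__ == "__main__":
    for src, reason in scan_page(SAMPLE_PAGE):
        print(f"{reason}: {src}")
```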
How to fight back
No matter how secure your systems are or how strong your cybersecurity team is, nothing can guarantee 100 percent protection against a cyberattack. If you are hit, there are ways you can fight back against this malicious payload on your systems.
Since there has been a substantial rise in cryptojacking in recent times, we now have a bunch of security solutions meant to curb and resolve cryptojacking scripts and malicious payloads. If you have installed network monitors and system resource monitors across your infrastructure, it becomes easier to detect and curb cryptojacking.
Unlike most other forms of cyberattack, cryptojacking does not steal, corrupt, or damage the data or the systems. But be on the alert for phishing emails and for browser tabs consuming huge system resources. Updating (or even eliminating) browser extensions and clearing the browser’s cache and cookies regularly can also help flush out some cryptojacking scripts. Malicious websites, infected add-ons, or emails with cryptojacking links must be immediately blocked.
Whether cryptocurrencies go up or down in value, there is still a huge potential for cryptojacking. And since cryptocurrency and cryptomining are still in their infancy, there is still a lot of potential for growth and evolution in the field. Unfortunately, that also means there is an increased likelihood that cryptojacking will remain a major cybersecurity threat not only now, but in the future.