Cryptojacking is the use of another person’s computer to mine cryptocurrencies without their permission. Criminals use various means to remotely gain access to target computers. Malware may be introduced to an unsuspecting person’s computer through a malicious link sent via email. Once the link is clicked, the malware loads the crypto mining code onto the computer. Alternatively, the malware may be hidden in websites and online ads such that it automatically executes once loaded in a browser. Once the crypto mining code is installed on the victim’s computer, it runs discreetly in the background as the owners continue to use their computer normally.
Cryptojacking has been on the rise. As of February this year, The Bad Packet report found over 34,000 sites running the crypto mining script “coinhive”. With over a billion combined monthly average visits to these sites, the spread of cryptojacking cannot be overlooked.
Another crypto miner “Smominru” was discovered in January. It is estimated to have infected about 0.5 million computers and generated up to 3.6 million dollars mining Monero by the end of January. According to Marc, a threat analyst with WatchGuard Technologies, the practice is in its early stages with a lot of potential for growth and evolution. Therefore, this makes cryptojacking one of the biggest emerging threats to the cryptocurrency ecosystem.
Reasons for Cryptojacking
Making Money Effortlessly
Another reason for the growth is its effectiveness compared to the use of ransomware. While only a portion of the victims whose machines are infected with ransomware may end up paying, cryptojacking makes use of all the infected computers to generate value through mining. This gives attackers the opportunity to make more money continuously.
Reduced risk for Hackers
Other than profitability, cryptojacking also reduces risks for the hacker. First, the crypto mining code is able to run in the background for a long time without being detected. Furthermore, if discovered, it is very difficult to trace back to its origin. Victims whose machines have been used also lack the incentive to find the source since the crypto mining code does not steal or encrypt any of their data.
How Cryptojacking Works
As mentioned above, hackers may introduce crypto mining code through links attached to emails or by infecting ads and websites.
Once executed, the code works on complex mathematical problems on the infected machine. However, nothing is stored on the victim’s computer. Results from the computations are sent to a server controlled by the hacker. The only noticeable effect of cryptojacking is reduced performance on the victim’s computer. This is because the code secretly uses some of the computer’s processing resources for mining, making the CPU slower in executing the user’s commands.
Awareness and Training
For crypto mining code executed through phishing, it is important to create awareness of cryptojacking as a threat and to train employees on ways to identify emails and links that could introduce malware such as crypto mining code onto their machines.
Web Browser Ad-blocking Extensions
Auto-executing code, such as that embedded in ads and websites, is much harder to detect. Installing ad-blocking extensions on web browsers is an effective way of preventing web-based cryptojacking introduced through ads. There are browser extensions such as NoCoin and MinerBlock which are able to detect and block crypto mining scripts hidden in websites and ads.
Web Filtering Tools
It is also important to keep web filtering tools updated. For example, once a website containing cryptojacking tools is identified, it is important to block users from accessing it. Users also need to maintain their browser extensions to avoid falling prey to corrupt extensions which are sometimes used by hackers to execute crypto mining scripts.
Mobile Device Management (MDM) Solutions
Cryptojacking is not limited to computers. Mobile devices such as phones and tablets, despite their smaller processing power, are also at risk. There are mobile-device-management (MDM) solutions available that help users manage apps and extensions on their devices, thus minimizing the risk of attack from hackers.
Slow CPU Performance
Cryptojacking makes the victim computers slow in performance. Therefore, when you detect slow performance in your computer, it is important to investigate further in order to identify whether the cause is cryptojacking or otherwise.
Mining is a very CPU-intensive process that may lead to overheating of systems. In the long run, this may result in CPU or cooling fan failure.
Deploying a network monitoring solution makes it easier to detect cryptojacking in an organization’s network than it is with the consumer endpoint solutions often used on personal devices. Data from the network monitoring tools can be analyzed to accurately detect specific threats such as cryptojacking. These tools also make it possible to trace that activity back to individual users in order to identify which devices are affected.
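The following is an added example, not part of the original article, of the kind of analysis described above: it scans web proxy log lines for requests to known mining-script hosts and traces each hit back to the client device and user. The log format, the sample lines, the function names and the blocklist are assumptions made for illustration; in practice the blocklist would come from your own threat feed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed blocklist. coinhive.com is the miner named in the article; the
# .example entry is a placeholder for hosts your own threat feed supplies.
MINER_DOMAINS = {"coinhive.com", "miner-pool.example"}

# Constructed proxy log lines (assumed format: time client_ip user url).
SAMPLE_LOG = """\
2024-01-15T09:00:01 10.0.0.12 alice https://news.example/index.html
2024-01-15T09:00:02 10.0.0.12 alice https://coinhive.com/script.js
2024-01-15T09:00:05 10.0.0.12 alice wss://ws.coinhive.com/socket
2024-01-15T09:01:10 10.0.0.40 bob https://notminer-pool.example/about
2024-01-15T09:02:30 10.0.0.77 carol https://ads.miner-pool.example/m.js
malformed line without enough fields
"""


def is_miner_host(host, blocklist=MINER_DOMAINS):
    """True if host is a blocklisted domain or a subdomain of one.

    Matching on a leading dot avoids flagging look-alike names such as
    notminer-pool.example that merely end with the same characters.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


def find_affected_clients(log_text, blocklist=MINER_DOMAINS):
    """Map (client_ip, user) -> sorted list of miner hosts contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the scan
        _time, client_ip, user, url = parts
        host = urlsplit(url).hostname
        if host and is_miner_host(host, blocklist):
            hits[(client_ip, user)].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}


if __name__ == "__main__":
    for (ip, user), hosts in find_affected_clients(SAMPLE_LOG).items():
        print(f"{ip} ({user}) contacted: {', '.join(hosts)}")
```

The hosts reported for each client are also the entries to add to the web filter once the affected devices have been identified.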
Responding to Cryptojacking
Once a web-based attack is detected, you should follow these steps:
Kill the browser tab running the crypto mining script. The website’s URL can then be noted and blocked through the company’s web filters.
Browser extensions need to be updated. This is done to remove extensions that are not needed and those that may have been infected with the mining script.
Learn & Adapt
Being in its early stages, it is expected that hackers will continue to find new and innovative ways to execute mining code on unauthorized devices. It is necessary to learn and adapt in order to better understand how attackers gained access to your systems and continually train users on ways to identify emerging cryptojacking attempts and respond appropriately.