The Growing Threat of Cryptojacking and How to Combat It
Cryptojacking has surged in the last two years as the value of the cryptocurrency market has skyrocketed. There were more than 51 million cryptojacking attacks in the first half of 2021 alone, according to the SonicWall Cyber Threat Report. Many attacks go unreported.
In a cryptojacking attack, cybercriminals use malware to gain unauthorized access to systems and steal computer resources. They use the processing power of victim machines to mine cryptocurrency without buying sophisticated hardware themselves. The cryptojacking code works in the background, making money for the attackers while causing performance lags and other problems for victims.
Cryptojacking can be quite lucrative. Every time cryptocurrency is traded, the transaction is recorded in the blockchain ledger. Crypto miners race to be the first to come up with the 64-digit hexadecimal number that verifies the transaction. There are trillions of possibilities, so crypto miners must generate billions of these “hashes” each second. The miner who completes the task first earns 6.25 Bitcoins. According to a report by Guardicore Labs, a group of Chinese cryptojackers harnessed 50,000 servers and made up to $10,000 per day.
How Cryptojacking Works
Cryptojackers use two primary techniques. One method is to lure the victim into clicking on a malicious link in a phishing email, which installs a cryptomining script on the computer. The other is to embed the script in a website or popup ad, which automatically executes the script when the victim views it. The installed script is more reliable long term, but many hackers use both techniques to increase their odds of success.
Some cryptojacking scripts have worm-like capabilities that allow them to spread throughout a corporate network. The code might include multiple versions to run on different types of machines. Cryptojackers also use botnets to automate their activities across multiple devices. Google has alleged that the “Glupteba” botnet has infected more than a million computers and weaponized blockchain to hide its activities.
Cryptojackers also “compete” for computing resources. Some cryptomining scripts will look for and disable another cryptojacker’s malware on the victim machine. According to AT&T Alien Labs, scripts may include “kill” prevention mechanisms to keep this from happening.
How to Prevent Cryptojacking
Cryptojacking may seem like a “victimless” crime because it does not steal data or cause downtime and business disruption. However, it causes performance problems that sap productivity and frustrate users, and can shorten the lifespan of equipment. It drains batteries and increases electricity costs. In many cases, organizations waste time and money trying to figure out what is causing these problems.
Detecting cryptojacking can be difficult. Many cryptojacking scripts disable antivirus software or embed themselves into system processes or other code. Some halt their activities while the victim is using the machine. One particularly nasty script crashes the computer if the victim tries to remove the malware.
However, it is possible to reduce the risk of a cryptojacking attack:
- Educate users on how to spot phishing attempts so they will be less likely to click on malicious links. Security awareness training programs should also encourage users to report unexplained performance problems. Train your help desk staff, too, so they know what to look for.
- Ensure that your endpoint protection solution can detect cryptomining, and install anti-cryptomining and ad-blocking extensions on web browsers. Also, keep web filtering tools up to date with lists of known cryptojacking sites, and periodically review browser extensions for malicious code.
- Continually monitor the network for indications that a cryptojacking script is communicating with an external server. Also, monitor for web-delivered scripts and kill any browser tab that runs such a script.
GDS is here to help you protect your business from cryptojacking and other attacks. Let our experts help you develop and execute a comprehensive cybersecurity strategy.