Cryptojacking has recently become a buzzword in the cyber security world. It has been on the radar since August 2017 and had increased by an alarming 8500% by December 2017.
This noticeable increase is mainly due to the fact that cryptojacking is the easiest and most covert way to obtain money from a victim’s machine. It is far more discreet than ransomware, where access to the victim’s files is blocked or the files are encrypted as part of the attack, and the attacker then demands a ransom to decrypt them. In the case of cryptojacking, all the attacker has to do is infect a machine, and it will generate money without the victim’s knowledge. Cryptojacking and crypto mining are very similar; in fact, crypto mining becomes cryptojacking when it is installed or run on a victim’s machine without authorization.
Cryptojacking is the use of computer power to mine cryptocurrency without the prior consent or authorization of its users. This can only be achieved through malicious activities or other means of deception, such as hidden code in the browser that runs undetected.
Browser cryptojacking is more popular among cybercriminals than malware, mainly because in-browser cryptojacking requires no installation to run, which makes it very easy to infect users’ machines and to operate.
HOW IT WORKS?
The first method is deceiving the user into opening a link or downloading a file (usually through social engineering), after which the script runs in the background without the victim’s knowledge.
Some attackers incorporate both methods to maximize their profit from each victim.
Cryptojacking scripts are not intended to harm the files on the infected machine; however, they cause the machine to operate at a slower rate.
January 2018: a crypto mining botnet infected computers in Russia, India and Taiwan. It is estimated that half a million computers were infected, and the mined cryptocurrency was valued at $3.6 million.
February 2018: a cybersecurity firm that operates in Spain fell victim to cryptojacking. WannaMine was the script used to infect the machines and to mine the cryptocurrency “Monero”.
February 2018: U.S. and U.K. government websites were used for in-browser cryptojacking. The U.K. Information Commissioner’s Office website was running the cryptojacking scripts, which also infected any visitor to the website. The American court system website had the same cryptojacking scripts.
February 2018: Tesla Inc. was affected by cryptojacking when its Amazon Web Services software container was compromised. Such attacks have been reported against other companies and organizations dating back to October 2017.
The first sign is that computers perform abnormally slowly for their processing power. If machines are found to have suddenly lower performance, this is a red flag and may be an indicator of cryptojacking.
Another indicator is overheating of systems due to CPU usage, especially on mobile devices. Also check for spikes of high CPU usage on PCs or mainframes, since high CPU usage may also be an indicator of cryptojacking activity.
Specific network monitoring tools also help companies detect cryptojacking, and many agree that this is the best detection method for large corporations.
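The CPU indicator above can be checked automatically. The following is an added example, not part of the original article: it flags processes whose CPU usage stays high across several consecutive samples, so that a single brief spike is not reported. The sample data, the 80% threshold and the four-sample minimum are assumptions made for illustration, and samples are assumed to be evenly spaced.

```python
"""Flag processes whose CPU use stays high across consecutive samples."""
from collections import defaultdict

# Constructed telemetry: (minute, host, process, cpu_percent). Not real data.
SAMPLES = [
    (0, "ws-01", "browser", 22.0), (1, "ws-01", "browser", 91.0),
    (2, "ws-01", "browser", 25.0), (3, "ws-01", "browser", 19.0),
    (4, "ws-01", "browser", 24.0), (5, "ws-01", "browser", 21.0),
    (0, "ws-02", "browser", 18.0), (1, "ws-02", "browser", 88.0),
    (2, "ws-02", "browser", 93.0), (3, "ws-02", "browser", 95.0),
    (4, "ws-02", "browser", 92.0), (5, "ws-02", "browser", 90.0),
    (0, "srv-01", "backup", 85.0), (1, "srv-01", "backup", 87.0),
    (2, "srv-01", "backup", 12.0), (3, "srv-01", "backup", 9.0),
    (4, "srv-01", "backup", 10.0), (5, "srv-01", "backup", 11.0),
]


def longest_high_run(values, threshold):
    """Length of the longest streak of consecutive readings >= threshold."""
    best = current = 0
    for value in values:
        current = current + 1 if value >= threshold else 0
        best = max(best, current)
    return best


def flag_sustained_cpu(samples, threshold=80.0, min_run=4):
    """Return {(host, process): streak} for streaks of at least min_run samples."""
    series = defaultdict(list)
    for minute, host, process, cpu in samples:
        series[(host, process)].append((minute, cpu))
    flagged = {}
    for key, points in series.items():
        points.sort()  # samples may arrive out of order
        streak = longest_high_run([cpu for _, cpu in points], threshold)
        if streak >= min_run:
            flagged[key] = streak
    return flagged


if __name__ == "__main__":
    for (host, process), streak in flag_sustained_cpu(SAMPLES).items():
        print(f"{host} {process}: {streak} consecutive samples at or above threshold")
```

A flagged process is a candidate for investigation rather than proof of cryptojacking, since legitimate workloads can also hold the CPU at a high level.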
HOW TO MITIGATE A DETECTED CRYPTOJACKING INSTANCE
Cryptojacking is a new money-generating scheme that has taken over the threat landscape. Users must be aware of this new lucrative method so they can prevent cryptojacking from occurring on their machines. Furthermore, users should follow the aforementioned recommendations for preventing a cryptojacking incident.
Some individuals would argue that cryptojacking is a victimless crime. The foundation of this argument is that cryptojacking does not steal the confidential information of the target, nor does it harm their files. This argument is unsound: crypto mining can harm your machine, and in some cases physical damage to victim machines was reported due to the high usage of processing power. In addition, the device will perform poorly, with significantly less processing power remaining.