Cryptojacking

What Is Cryptojacking?

Cryptocurrencies have become more popular and edging towards the mainstream, the mining of these digital currencies—which uses computing power to solve complex math problem— has given rise to a new form of cyber attack: cryptojacking.

What is the Goal of Cryptojacking?

Cryptojacking may sound like a way to steal someone’s cryptocurrency assets, but it’s a less obvious form of theft. The overarching goal of cryptojacking is to use a person’s or organization’s computing assets to mine cryptocurrency rather than steal existing assets.

Cryptocurrency is unlike traditional forms of money in that it gets created in a truly unique way. You can obtain cryptocurrency as a reward for solving a mathematical problem. Solving the problem adds a new “block” to the blockchain, which is a shared digital ledger that records transactions in a public or private peer-to-peer network.

How Is Cryptomining Done?

While it can be lucrative, cryptocurrency mining is not without risk and financial costs. Cryptomining requires a “rig,” consisting of a run-of-the-mill PC and a powerful graphics processing unit, to crack the math problems and unlock cryptocurrency. The more computing power, the faster this process—but it’s only achieved through a greater outlay of resources.

To mine cryptocurrency faster while minimizing costs, cybercriminals seek to leverage a cost-effective shortcut: They use various tools and techniques in attempts to gain unauthorized access to other computing systems. Since the primary goal of cryptojacking is to maximize profits, if cybercriminals can use someone else’s devices to mine cryptocurrency, they can avoid the expense of a rig and the cost of electricity needed to run and cool their setup.

Bad actors sometimes attempt to gain access to additional computing power by tapping into a company’s IT environment. Cloud computing environments are particularly vulnerable to this scenario.

How Does Cryptojacking Work?

In cryptojacking, cybercriminals use tried-and-tested methods to gain unauthorized access to a system or device.

Three Popular Cryptojacking Techniques

1. Cloud Cryptojacking

Cybercriminals steal an organization’s API keys and gain access to an organization’s cloud services. The hackers then use as much processing power as they can harness to mine digital currencies. In theory, this approach provides them with unlimited resources. In practice, a dramatic increase in activity may alert the cloud provider, so cybercriminals may selectively siphon off smaller amounts of resources from any one organization.

2. File-Based Cryptojacking

Using this approach, cryptojackers introduce malware via an infected file, most commonly by disguising the infected file in an email and tricking a user into opening it through phishing attacks.

3. Browser-Based Cryptojacking

Hackers embed malicious code in a website. Once a user visits that site, the script grants unauthorized access to the user’s device to mine for cryptocurrency.

Regardless of which method is used, a successful attack uses an individual’s or an organization’s IT assets to solve mathematical problems, add blocks to the blockchain, and unlock cryptocurrency.

How Do You Detect Cryptojacking?

Cryptojackers are only successful if they evade detection. And since cryptomining can occur in the background, sophisticated attackers can remain hidden if they consume just a small percentage of a device’s processing power and only engage in mining when the device is not in use by its owner.

Nonetheless, there are warning signs associated with cryptojacking schemes for which to be on the lookout:

Decreased Device or Server Performance

Given the processing power and resulting strain on a device or server that results from cryptomining, a pronounced reduction in a device’s performance could be associated with a cryptojacking attack. It often materializes as a significant and sustained increase in CPU usage.

Overheating Devices

Cryptominers often struggle to keep their mining rigs cool. When they gain unauthorized remote access to a machine, they cannot monitor its temperature, making it easier to detect an infected device. A device operating at a higher temperature than normal may be under the control of a cybercriminal.

Increased Electricity Bills

Depending on the scope of a cryptojacking attack, your organization’s electricity bill may escalate. The jump in costs may come from the increase in electricity consumed by devices or servers. It might also climb due to increased air conditioning costs to cool compromised devices. This is typically a stronger signal for small businesses, which are more likely to see a higher relative increase in electricity use, than for larger organizations.

Quickly Draining Device Batteries

A cryptojacking scheme allows bad actors to switch the strain from their devices to yours. When plugged into an electrical outlet, a device involved in cryptomining will consume more electricity. When not plugged in, the battery will lose power at a far quicker rate than typical. Failing to retain a charge may be a sign that the device is being used to mine digital currency, especially if the device is new or just a few years old.

How Do You Prevent Cryptojacking?

Cryptojacking is a stealthy way to take over your resources, but there are steps you can take to protect your organization.

Educate the Workforce About Cryptojacking Warning Signs

Cryptocurrency is a difficult concept for many to grasp and most people aren’t yet aware of this new type of threat. Instead of focusing on what cryptojacking hopes to accomplish, focus on the warning signs of an attack, such as overheating devices or a lack of battery power. Ensure employees know whom they should notify if their device exhibits specific warning signs of a cryptojacking attack.

Focus on Phishing Emails

Cryptojackers often use emails to deliver cryptomining software. To prevent cryptojacking and other forms of cybercrime, make sure employees exercise caution when opening emails, regardless of the device they use. This is a standard best practice in general for preventing cyber attacks and establishing an organization-wide security culture.

Keep Anti-Virus and Malware Detection up to Date

Since cryptojackers often use malicious email attachments to infect devices, anti-virus and malware detection play an important role in thwarting an attack.

Update Browsers and Keep an Eye on Extensions

Make sure every browser in use is the most current version—it will reduce the risk of cybercriminals being able to insert cryptojacking scripts. Additionally, cybercriminals may disguise cryptomining scripts as applications or extensions, so make sure to scrutinize browser extensions. It might also make sense to install ad-blocking and anti-cryptomining extensions.

Commit to Endpoint Protection

With the proliferation of desktops, laptops, smartphones, and tablets used by a growing mobile workforce, the number of endpoints continues to rise significantly. Every endpoint should include the latest security software, as an unprotected endpoint is simply an invitation for an attack.

Cryptojacking is one of many forms of cyber attacks organizations must guard against. While cryptojacking may seem to be more of a nuisance than a costly threat, the long-term impact of degraded device performance, increases in electricity costs, and damage to servers and devices from constant operation at higher temperatures can have a significant adverse effect on your resources. And cryptojacking may also introduce other forms of malicious code that can exact an even heavier toll.

Cryptojacking and other cyber attacks are a constant worry for organizations. Unfortunately, internal IT teams don’t always have the resources or expertise to fully guard against evolving threats.

Learn how access to security experts and 24×7 coverage will enable you to effectively monitor your organization and prevent cryptojacking, ransomware, and many other cyber threats.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognize and neutralize social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyze.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

Understanding ransomware — from its origins to its impacts to the TTPs that allow ransomware gangs to exploit victim organizations and make off with millions in ransom payments and extortion fees.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organization.

Learn how our Concierge Security® and Triage Security Teams help end cyber risk.

SECURITY BULLETINS

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

CVE-2024-3400: Critical Vulnerability in GlobalProtect Feature of PAN-OS being Actively Exploited

COMPANY