It should come as no surprise that as cryptocurrencies become more popular and edge towards the mainstream, the mining of these digital currencies—which uses computing power to solve complex math problem— has given rise to a new form of cyber attack: cryptojacking.
Cryptojacking may sound like a way to steal someone's cryptocurrency assets, but it's a less obvious form of theft. The overarching goal of cryptojacking is to use a person’s or organisation’s computing assets to mine cryptocurrency rather than steal existing assets.
Cryptocurrency is unlike traditional forms of money in that it gets created in a truly unique way. You can obtain cryptocurrency as a reward for solving a mathematical problem. Solving the problem adds a new "block" to the blockchain, which is a shared digital ledger that records transactions in a public or private peer-to-peer network.
While it can be lucrative, cryptocurrency mining is not without risk and financial costs. Cryptomining requires a “rig," consisting of a run-of-the-mill PC and a powerful graphics processing unit, to crack the math problems and unlock cryptocurrency. The more computing power, the faster this process—but it’s only achieved through a greater outlay of resources.
To mine cryptocurrency faster while minimising costs, cybercriminals seek to leverage a cost-effective shortcut: They use various tools and techniques in attempts to gain unauthorised access to other computing systems. Since the primary goal of cryptojacking is to maximise profits, if cybercriminals can use someone else's devices to mine cryptocurrency, they can avoid the expense of a rig and the cost of electricity needed to run and cool their setup.
They don’t stop there. Bad actors sometimes attempt to gain access to additional computing power by tapping into a company's IT environment. Cloud computing environments are particularly vulnerable to this scenario.
How Does Cryptojacking Work?
In cryptojacking, cybercriminals use tried-and-tested methods to gain unauthorised access to a system or device.
Three Popular Cryptojacking Techniques
1. Cloud Cryptojacking
Cybercriminals steal an organisation's API keys and gain access to an organisation's cloud services. The hackers then use as much processing power as they can harness to mine digital currencies. In theory, this approach provides them with unlimited resources. In practice, a dramatic increase in activity may alert the cloud provider, so cybercriminals may selectively siphon off smaller amounts of resources from any one organisation.
2. File-Based Cryptojacking
Using this approach, cryptojackers introduce malware via an infected file, most commonly by disguising the infected file in an email and tricking a user into opening it through phishing attacks.
3. Browser-Based Cryptojacking
Hackers embed malicious code in a website. Once a user visits that site, the script grants unauthorised access to the user's device to mine for cryptocurrency.
Regardless of which method is used, a successful attack uses an individual's or an organisation's IT assets to solve mathematical problems, add blocks to the blockchain, and unlock cryptocurrency.
How Do You Detect Cryptojacking?
Cryptojackers are only successful if they evade detection. And since cryptomining can occur in the background, sophisticated attackers can remain hidden if they consume just a small percentage of a device's processing power and only engage in mining when the device is not in use by its owner.
Nonetheless, there are warning signs associated with cryptojacking schemes for which to be on the lookout:
Decreased Device or Server Performance.
Given the processing power and resulting strain on a device or server that results from cryptomining, a pronounced reduction in a device's performance could be associated with a cryptojacking attack. It often materialises as a significant and sustained increase in CPU usage.
Cryptominers often struggle to keep their mining rigs cool. When they gain unauthorised remote access to a machine, they cannot monitor its temperature, making it easier to detect an infected device. A device operating at a higher temperature than normal may be under the control of a cybercriminal.
Increased Electricity Bills
Depending on the scope of a cryptojacking attack, your organisation's electricity bill may escalate. The jump in costs may come from the increase in electricity consumed by devices or servers. It might also climb due to increased air conditioning costs to cool compromised devices. This is typically a stronger signal for small businesses, which are more likely to see a higher relative increase in electricity use, than for larger organisations.
Quickly Draining Device Batteries
A cryptojacking scheme allows bad actors to switch the strain from their devices to yours. When plugged into an electrical outlet, a device involved in cryptomining will consume more electricity. When not plugged in, the battery will lose power at a far quicker rate than typical. Failing to retain a charge may be a sign that the device is being used to mine digital currency, especially if the device is new or just a few years old.
How Do You Prevent Cryptojacking?
Cryptojacking is a stealthy way to take over your resources, but there are steps you can take to protect your organisation.
Educate the Workforce About Cryptojacking Warning Signs
Cryptocurrency is a difficult concept for many to grasp and most people aren’t yet aware of this new type of threat. Instead of focusing on what cryptojacking hopes to accomplish, focus on the warning signs of an attack, such as overheating devices or a lack of battery power. Ensure employees know whom they should notify if their device exhibits specific warning signs of a cryptojacking attack.
Focus on Phishing Emails
Cryptojackers often use emails to deliver cryptomining software. To prevent cryptojacking and other forms of cybercrime, make sure employees exercise caution when opening emails, regardless of the device they use. This is a standard best practice in general for preventing cyber attacks and establishing an organisation-wide security culture.
Keep Anti-Virus and Malware Detection up to Date
Since cryptojackers often use malicious email attachments to infect devices, anti-virus and malware detection play an important role in thwarting an attack.
Update Browsers and Keep an Eye on Extensions
Make sure every browser in use is the most current version—it will reduce the risk of cybercriminals being able to insert cryptojacking scripts. Additionally, cybercriminals may disguise cryptomining scripts as applications or extensions, so make sure to scrutinise browser extensions. It might also make sense to install ad-blocking and anti-cryptomining extensions.
Commit to Endpoint Protection
With the proliferation of desktops, laptops, smartphones, and tablets used by a growing mobile workforce, the number of endpoints continues to rise significantly. Every endpoint should include the latest security software, as an unprotected endpoint is simply an invitation for an attack.
Cryptojacking is one of many forms of cyber attacks organisations must guard against. While cryptojacking may seem to be more of a nuisance than a costly threat, the long-term impact of degraded device performance, increases in electricity costs, and damage to servers and devices from constant operation at higher temperatures can have a significant adverse effect on your resources. And cryptojacking may also introduce other forms of malicious code that can exact an even heavier toll.
Protect Your Organisation with Arctic Wolf
Cryptojacking and other cyber attacks are a constant worry for organisations. Unfortunately, internal IT teams don't always have the resources or expertise to fully guard against evolving threats.
Does your organisation need to bulk up its protection?
Learn how access to security experts and 24x7 coverage from Arctic Wolf will enable you to effectively monitor your organisation and prevent cryptojacking, ransomware, and many other cyber threats.