
Cryptojacking: Why Your Organization Should Care

Of course, almost everyone has heard of bitcoin by now. It is the gold standard of the relatively new and somewhat murky world of cryptocurrencies, or digital currencies that exist virtually online. There are basically two ways to make money from bitcoin or other digital currencies: successfully trade them on an exchange, or become a “miner”. Cryptocurrency mining, or “cryptomining”, is a process in which the miner verifies transactions for various forms of cryptocurrency and adds them to the blockchain digital ledger. Also known as cryptocoin mining, altcoin mining, or Bitcoin mining, cryptocurrency mining has increased as cryptocurrency usage itself has grown significantly over the last few years.

What is mining? Each time a cryptocurrency transaction occurs, a cryptocurrency miner is responsible for verifying the authenticity of information and updating the blockchain with the transaction. The mining process itself involves competing with other cryptominers to solve complicated mathematical problems that are associated with a block containing that particular transaction’s data. The first cryptocurrency miner to crack the code is rewarded by being able to authorize the transaction and, in return for the service provided, earns small amounts of cryptocurrency of their own. To be competitive with other cryptominers, a cryptocurrency miner needs a computer with specialized hardware and high-powered systems that consume massive amounts of electricity to solve these complex calculations. And for some, that’s where cryptojacking comes into play.

Simply put, hackers (or cryptojackers) use malware to mine cryptocurrency on other people’s computers and devices, letting websites and other third parties bear the processing load instead of the hacker's own crypto mining systems. Instead of running multiple servers for their own cryptocurrency mining operation, hackers use website servers, hijack the systems visiting those websites, and then conduct mining operations remotely. Once the malware has been embedded on such websites, it extends to individual users accessing those websites and hijacks their web browsers, slowing down their systems with a mining process the users do not know is running. Basically, it’s like someone jumping into an open train boxcar for a free ride without the train conductor even knowing it.

Unlike most other types of malware, cryptojacking scripts do no damage to computers or victims’ data. They do, however, steal CPU processing resources, which typically results in noticeably slower computer performance. Also, organizations with multiple cryptojacked systems can incur substantial costs in terms of time spent tracking down these performance issues and replacing components or even systems in the hopes of solving the problem.
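One way to shorten the time spent tracking down these performance issues is to look for processes that stay near full CPU across consecutive samples. The sketch below is an added example, not part of the original article; it assumes a miner shows up as sustained rather than bursty load, and the telemetry, host names, threshold and window are all constructed.

```python
from collections import defaultdict

# Constructed telemetry: (host, process, minute, cpu_percent). Not real data.
SAMPLES = [
    ("ws-01", "browser", m, c) for m, c in enumerate([12, 95, 97, 96, 98, 94, 97, 96])
] + [
    ("ws-02", "browser", m, c) for m, c in enumerate([10, 92, 15, 8, 91, 12, 9, 11])
] + [
    ("ws-03", "backup", m, c) for m, c in enumerate([5, 88, 90, 6, 4, 5, 7, 3])
]


def sustained_cpu(samples, threshold=85.0, min_run=5):
    """Return {(host, process): longest_run} for every series whose CPU stayed
    at or above `threshold` for at least `min_run` consecutive samples.
    Threshold and window are assumed values; tune them to the environment."""
    series = defaultdict(list)
    for host, proc, minute, cpu in samples:
        series[(host, proc)].append((minute, cpu))

    flagged = {}
    for key, points in series.items():
        longest = run = 0
        prev_minute = None
        for minute, cpu in sorted(points):
            # A missing sample breaks the run: silence is not evidence of load.
            contiguous = prev_minute is None or minute == prev_minute + 1
            if cpu >= threshold:
                run = run + 1 if (contiguous and run) else 1
            else:
                run = 0
            longest = max(longest, run)
            prev_minute = minute
        if longest >= min_run:
            flagged[key] = longest
    return flagged


if __name__ == "__main__":
    for (host, proc), run in sustained_cpu(SAMPLES).items():
        print(f"{host} {proc}: {run} consecutive samples at or above threshold")
```

A flagged series is a lead for investigation, not proof of mining; legitimate long-running jobs can look the same.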

While there is no single way to prevent such attacks, organizations can take steps to defend themselves. These include regularly updating all devices with the latest software patches, changing or strengthening each device’s default credentials, using intrusion detection and prevention systems, and being cautious about clicking on suspicious links or attachments.

by Steve Hines, ThreatAdvice