Cryptojacking is “jacking” or the unauthorized use of a computer system to mine cryptocurrency. There are many ways by which hackers can jack a system – the most popular being, an infecting website or getting the victim to click on an unsecured link via an email which downloads the malicious crypto-mining code on to the computer. There have been reports of various malicious online ads with embedded JavaScript code that auto-executes once loaded in the victim’s browser. Cybercrime is big business; it generates approximately $1.5 trillion in revenue every year. What makes this a lucrative business? Well, you earn a high income with minimum efforts and with the risk of only a mere penalty if caught.
It comes as no surprise that cybercriminals are upping their game, considering the rise in values of cryptocurrencies like Bitcoin and Ethereum. It is luring enough for cybercriminals to make ways of profiteering in this trend. The main cost of producing, rather discovering, cryptocurrencies is the mining process which requires massive computational resources and some smart cybercriminals have figured out to a massive network of jacked PCs that could provide the same computational capacity as a mining farm, without any operational cost! This led cybercriminals to create a new cyber-attack technique that offers better pay-out odds in comparison to ransomware.
Cryptojacking is becoming more popular amongst cybercriminals as it requires less technical skills as compared to ransomware and it also offers up to a potential 100% payout ratio. Infected machines will immediately start to mine cryptocurrency in stealth mode regardless of its processing power or even its geographical location. Low-end systems can also be used as they work in a cluster of connected compromised machines, and hence with the combined computational power, create a system as powerful than supercomputers. Malicious mining component can be injected into a mobile device, personal computer, a server, the Cloud, or even an IoT device. It doesn’t even matter what operating system one is using. The attackers can take advantage of computing power for their illegal activities with any specific OS. Even IoT devices with limited processing power can be compromised: The Mirai botnet has shown us what multiple IoT devices can do when working together.
Check out the Mirai Botnet: The Rise of Internet-Enabled Machines article here.
It is definitely not a coincidence that the same model has been repurposed to mine cryptocurrency. In fact, hacking multiple IoT devices can be rewarding: A recent study stated that 15,000 hacked IoT devices can mine $1,000 of cryptocurrency in just four days. This is pretty cool considering that by 2020, there will be over 20 billion internet-connected devices. Multiple infection vectors such as brute-force attacks, unpatched vulnerabilities, or compromised websites are used by the attacker to spread cryptojacking scripts. Even current malwares can be modified to mine cryptocurrency, or to attach this “feature” to existing ones.
‘Coinhive’ mines a cryptocurrency called Monero and the primary motive besides being able to stay incognito with this blockchain, the algorithm used to calculate the hashes, called ‘Cryptonight’, was designed to run efficiently on consumer CPU. ‘Malvertising’, which is injecting the Coinhive code into advertisements provided by platforms like AOL or Google DoubleClick is now getting more popular. Even if the user leaves the compromised page or terminates his browser it would make no difference, since the malicious code could be hidden in a tiny ‘pop-up’ window hidden behind the Windows taskbar.
Data leakage in the Cloud is often the result of misconfigurations such as wrong permissions, lack of an adequate password protection or simply carelessness. Instead of stealing data, these same misconfigurations can be used by attackers to spin-up their own instances and use them to mine cryptocurrency. Take the example of Tesla, whose public Cloud was used to mine cryptocurrency – miners can utilize known Cloud services to spread more quickly inside organizations, or even to avoid detection.
How to protect yourself against Cryptojacking
• Keep your antivirus and OS system updated.
• Do not download any software from untrustworthy sources.
• Do not visit untrustworthy websites and platforms.
• Keep track of your CPU usage and see if becomes unnecessarily high.
• Scan all uploads and downloads from unmanaged devices to authorized Cloud applications for malware.
• Scan all uploads and downloads from remote devices to authorized Cloud applications for malware.
• Enforce quarantine/block actions on malware detection.
• Block unauthorized instances of authorized/well-known Cloud apps, to prevent attackers from exploiting user trust in the Cloud.
These preventative measures are often effective and offer the barricade you need to protect yourself against clambering cryptojacking attacks and stop them in their tracks. Cybercriminals are always on the watch for the apt opportunity to exploit what they can and when they can, so it is better not to give them a chance.
