Cybercriminals are relentless in their pursuit of easy profits. New ways of attacking computer and mobile users emerge every day, and one attack that’s guaranteed to cause many headaches in 2019 is cryptojacking. In this article, we explain what cryptojacking is and help you protect yourself against it.
What Is Cryptojacking?
Norton, an award-winning antivirus and security software provider, defines cryptojacking as “the unauthorized use of a computer, tablet, mobile phone, or connected home device by cybercriminals to mine for cryptocurrency.”
Unless you’ve been exploring the Amazon forest for the last decade, you probably already know what a cryptocurrency is: a digital asset that uses strong cryptography to secure financial transactions and works as a medium of exchange.
A great example of a cryptocurrency is Bitcoin, which was created in 2009 and has become the most popular cryptocurrency in the world. Like many other cryptocurrencies, Bitcoin can be used to purchase online services and tangible goods, and it can also be exchanged for fiat currency on cryptocurrency exchanges.
One way users can acquire Bitcoins is with a process called mining, which involves running special software to solve complex mathematical puzzles. Traditionally, mining is performed on dedicated mining rigs with specialized hardware components, but just about any computer, mobile device, and even some routers can mine Bitcoins, albeit far less efficiently.
Cybercriminals know this, and they’ve figured out how to hijack someone else’s machine with just a few lines of code to make free money with minimal effort by mining for Bitcoin and other cryptocurrencies, mainly Monero, which has been designed with anonymity in mind.
Cryptojacking Is Not Going Away
Cryptojacking is not an entirely new threat. It peaked in December 2017, just when the cryptocurrency craze was at its peak, but it’s certainly not going away anytime soon. In the first half of 2018 alone, cybercriminals sent out 2.4 million instances of crypto-malware, according to a report from McAfee Labs.
The most popular JavaScript cryptocurrency miner, Coinhive, was found on 34,474 sites in February 2018, compared with 30,000 sites back in November 2017. Ready-made cryptojacking kits can be purchased on the dark web for just $30, and they don’t require any significant technical skills to use. “Hackers see cryptojacking as a cheaper, more profitable alternative to ransomware,” says Alex Vaystikh, CTO and co-founder of SecBI.
Despite how accessible this new attack is, it can generate millions of dollars when executed on a large scale. For example, the Smominru crypto mining botnet, which infected over a half-million Windows servers in Russia, India, and Taiwan, generated as much as $3.6 million worth of Monero.
Cybercriminals continue to increase their skills and find new ways to execute costly attacks. One recent example involves unauthorized cryptocurrency mining on the operational technology network of a European water utility’s control system. “This is the first instance of such a cryptocurrency miner that we have seen in an industrial site,” Ilan Barda, CEO of Radiflow, the security firm that discovered the problem, told eWEEK.
Protect Yourself from Cryptojacking
There are two main ways cryptojacking occurs, and you need to be familiar with both of them to avoid becoming a victim.
File-based attacks: Remember the cryptojacking malware installed on a water-utility provider’s network in Europe? It was probably installed after an employee unknowingly downloaded it from a website. It could have also been installed using phishing-like tactics and by encouraging the employee to open an email attachment.
File-based cryptojacking malware works very much like regular malware. It’s loaded directly onto a device and runs quietly in the background. This type of cryptojacking is typically used for highly targeted attacks.
Browser-based attacks: This alternative approach to cryptojacking doesn’t store any code on the victims’ computers. Instead, it relies on code injected on websites or delivered with ads. Browser-based attacks are most commonly accomplished using JavaScript, which is a popular programming language used for building interactive websites.
“In most cases, devices are surreptitiously infected via compromised website code—advertising or third-party content—that executes JavaScript to either call to another resource or drop an exploit kit,” says Chris Olson, CEO of The Media Trust.
How to Detect and Prevent Cryptojacking in 2019
Since most cryptojacking attacks rely on JavaScript or web ads, you can protect yourself against them using a browser extension for content filtering and ad-blocking, such as uBlock Origin. There are extensions that address cryptojacking specifically, including No Coin and MinerBlock.
To protect yourself from file-based attacks, you should also use an endpoint protection solution with crypto miner detection capabilities, such as Malwarebytes. “Antivirus is one of the good things to have on endpoints to protect against crypto mining. If it’s known, there’s a good chance it will be detected,” says Travis Farral, a security strategy director at Anomali.
Businesses should incorporate cryptojacking into their security awareness training programs and go over some of the most common signs of active cryptojacking attacks, which include but are not limited to:
- High CPU usage
- Slow response times
- Overheating
- Increased electricity usage
- Battery drain
Just be aware that cybercriminals are inventive and know how to make attacks hard to detect. In the past, you would often see your CPU usage hit 100 percent shortly after loading a mining script, causing your CPU fan to get very loud, instantly alerting you that something is not correct.
That’s no longer the case today, with many scripts cleverly using only a fraction of your device’s processing power and waiting for idle moments before cranking up the mining speed. Fortunately, anti-malware and anti-mining solutions have also improved, so users have no reason to feel defenseless; they just need to know which tools to use to defend themselves.
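Because throttled scripts never trip a "CPU at 100 percent" alarm, a more useful signal is load that never stops and that rises when the user steps away. The following sketch is an added example, not part of the original article: it classifies per-process CPU samples on those two properties. The sample data, process names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed telemetry, one sample per minute: (process, cpu_percent, user_idle)
SAMPLES = (
    [("browser-tab-A", 30, False)] * 6 + [("browser-tab-A", 85, True)] * 6
    + [("video-encoder", 95, False)] * 3 + [("video-encoder", 2, False)] * 3
    + [("video-encoder", 1, True)] * 6
    + [("mail-client", 3, False)] * 6 + [("mail-client", 1, True)] * 6
    + [("old-style-miner", 100, False)] * 6 + [("old-style-miner", 100, True)] * 6
)

def classify(samples, floor=20, sustained_share=0.9, ramp_ratio=2.0):
    """Return {process: reason} for processes whose CPU profile looks like mining.

    floor           -- CPU % that counts as busy; kept low so throttled miners register
    sustained_share -- share of samples that must be busy to call the load sustained
    ramp_ratio      -- idle-time mean CPU / active-time mean CPU that counts as a ramp-up
    """
    by_proc = defaultdict(list)
    for name, cpu, idle in samples:
        by_proc[name].append((cpu, idle))

    findings = {}
    for name, rows in by_proc.items():
        busy = sum(1 for cpu, _ in rows if cpu >= floor) / len(rows)
        if busy < sustained_share:
            continue  # bursty or light workloads: legitimate jobs finish, miners do not
        idle_cpu = [cpu for cpu, idle in rows if idle]
        active_cpu = [cpu for cpu, idle in rows if not idle]
        if idle_cpu and active_cpu and mean(idle_cpu) >= ramp_ratio * mean(active_cpu):
            findings[name] = "sustained load that ramps up when the user is idle"
        elif min(cpu for cpu, _ in rows) >= 90:
            findings[name] = "sustained near-100% load"
        else:
            findings[name] = "sustained moderate load"
    return findings

if __name__ == "__main__":
    for proc, reason in classify(SAMPLES).items():
        print(f"{proc}: {reason}")
```

The short-lived encoder job and the mail client are ignored, while both the old-style miner and the throttled tab are flagged; a finding is a prompt to investigate the process, not proof of mining.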
How to Recover from Cryptojacking in 2019
Unlike other types of malware, cryptojacking scripts don’t damage the hardware or steal victims’ data, making it relatively easy to recover from them. There are really only three steps you need to go through to recover from an attack successfully:
- Kill the script: The actual cost of cryptojacking attacks is counted mainly in the time spent tracking them down. When you detect an active attack, you need to kill it as soon as possible using your endpoint protection solution, browser extension, or manually.
- Update your security: After neutralizing the threat, update your security so that you can’t become infected again by the same cryptojacking script. This may involve updating your web browser, deleting a malicious browser extension, or purchasing a better endpoint security solution.
- Learn from the experience: Think long and hard about how the attack happened so that you better understand what you need to do to avoid becoming a victim again.
A repeated failure to recover from an attack is often an indication of a much more severe problem. It could, for example, mean that the attacker has direct access to the affected device. That’s why you should always respond to all attacks promptly and appropriately. The fact that they don’t cause any real damage or put your personal data at risk doesn’t warrant a careless approach.
Conclusion
The cybersecurity landscape is constantly morphing, but everything indicates that cryptojacking is here to stay. The good news is that you can quickly protect yourself from it using the techniques and solutions described in this article. Keep in mind that cybercriminals will continue to find new ways to execute malicious mining code on all kinds of devices—from computers to smartphones to routers—so it’s in your best interest to understand their strategies.