What is cryptojacking? How to prevent, detect,recover
- Cryptojacking is the process by which a hacker gains unauthorized access to another user’s computer, tablet, mobile phone, or similar device in order to install and run software to mine cryptocurrency, such as bitcoin or Monero.
- When a digital currency is successfully mined this way, the resulting digital token is transferred to the wallet of the hacker, rather than the owner of the device.
- Attacks can happen through malicious emails, phishing tactics, or malicious ads on websites, which conduct cryptojacking operations using the victim’s browser.
- Cryptocurrency mining increased by about 34,000 percent of rates from previous years.
- Increase in the profitability of mining and the resulting increase of mining rates were followed immediately by cryptojacking attacks increasing 8500 percent.
- Internet security threat report published by the Symantec Corporation.
- In 2018, cryptojacking attacks had increased 459 percent by September.
- According to a report published by the Cyber Threat Alliance in September 2018, the most cryptocurrency most commonly mined in these attacks is Monero.
- In November 2017, Adguard reported a 31 percent growth rate for in-browser cryptojacking.
- The research found 33,000 websites running cryptomining scripts. Adguard estimated that those site had a billion combined monthly visitors.
- Positive Technology’s Cybersecurity Threatscape Q1 2019 report shows that cryptomining now accounts for only 7% of all attacks, down from 23% in early 2018.
- The report suggests that cybercriminals have shifted more to ransomware, which is seen as more profitable.
How cryptojacking works
- Hackers have two primary ways to get a victim’s computer to secretly mine cryptocurrencies.
- One is to trick victims into loading cryptomining code onto their computers.
- This is done through phishing-like tactics: Victims receive a legitimate-looking email that encourages them to click on a link.
- The link runs code that places the cryptomining script on the computer.
- The script then runs in the background as the victim works.
- Once victims visit the website or the infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers.
- The method is used, the code runs complex mathematical problems on the victims’ computers and sends the results to a server that the hacker controls.
- . “Attacks use old malware tricks to deliver more reliable and persistent software [to the victims’ computers] as a fall back,” says Vaystikh. For example, of 100 devices mining cryptocurrencies for a hacker, 10 percent might be generating income from code on the victims’ machines, while 90 percent do so through their web browsers.
How to prevent cryptojacking
As with any other malware infection, there are some signs you may be able to notice on your own.
Symptoms of cryptojacking
- High processor usage on your device
- Sluggish or unusually slow response times
- Overheating of your device
How to prevent cryptojacking
- A strong internet security software suite can help block cryptojacking threats.
- In addition to using security software and educating yourself on cryptojacking,
- you can also install ad-blocking or anti-cryptomining extensions on web browsers for an extra layer of protection.
- As always, be sure to remain wary of phishing emails, unknown attachments, and dubious links.
- Keep your web filtering tools up to date.
If you identify a web page that is delivering cryptojacking scripts, make sure your users are blocked from accessing it again.
- Maintain browser extensions.
Some attackers are using malicious browser extensions or poisoning legitimate extensions to execute cryptomining scripts.
How to detect cryptojacking
- Cryptojacking can affect your organization despite your best efforts to stop it.
- Detecting it can be difficult, especially if only a few systems are compromised.
- Don’t count on your existing endpoint protection tools to stop cryptojacking. “Cryptomining code can hide from signature-based detection tools,” says Laliberte. “Desktop antivirus tools won’t see them.”
- Train your help desk to look for signs of cryptomining.
Sometimes the first indication is a spike in help desk complaints about slow computer performance.
- Deploy a network monitoring solution.
Cryptojacking is easy to detect via network monitoring solutions, and most corporate organizations have network monitoring tools.
What respond to a cryptojacking attack
- Kill and block website-delivered scripts.
- Update and purge browser extensions.
“If an extension infected the browser, closing the tab won’t help,” says Laliberte. “Update all the extensions and remove those not needed or that are infected.”
- Learn and adapt.
Use the experience to better understand how the attacker was able to compromise your systems. Update your user, helpdesk and IT training so they are better able to identify cryptojacking attempts and respond accordingly.