In 2017 we saw cybercriminals adopt a whole new approach to generating value from malware. Rather than stealing information or encrypting a victim’s files and demanding a ransom, cybercriminals started discretely hijacking computer systems and using them to generate cryptocurrency. In 2018, cryptojacking became one of the most prevalent forms of malware on the internet. The question to ask yourself in 2019 is “can I spot such an attack and, if I can, what do I do about it?”
What exactly is cryptojacking?
Before we can address cryptojacking itself we must have a general awareness of what cryptocurrencies are and how they work (e.g. Bitcoin).
A cryptocurrency is a form of electronic currency which is generated via a cryptographic process commonly referred to as coin mining. Without delving into the actual process of coin mining itself, the essential element to keep in mind is that it requires a considerable amount of computing power and, as a result, tends to be very expensive. So expensive if fact that the profit margin of coin mining is usually fairly slim.
While coin mining itself might not be tremendously profitable, the value of cryptocurrencies such as Bitcoin is immense, making it appealing to acquire. As a result, if you could use someone else’s device (and their electricity) for coin mining, thus avoiding the costs involved, the payout could be considerable.
Enter cryptojacking, which allows cybercriminals to do just that. The malware used in cryptojacking enables the attacker to utilize a victim’s device(s) to generate cryptocurrency on the attacker’s behalf. In some instances this can be so discrete that the victim might not even notice, while in other instances it can be highly disruptive to the victim’s ability to use their device, and possibly even damaging to the device itself.
While there are numerous ways in which cryptojacking is implemented, there are two primary categories of cryptojacking attacks to be aware of. The first is file-based, in which an application runs locally on a device and utilizes that device’s hardware to mine for cryptocurrency. The second is browser-based, and is able to access a device’s hardware through a web browser when visiting an infected website. While the file-based approach tends to be more efficient, the browser-based approach is by far the most prevalent due to the ease by which it can be implemented.
How can you identify cryptojacking?
While defining cryptojacking is fairly straight forward, identifying it is not. For starters, the attacker has a vested interest in remaining undetected. The longer they can mine, the more money they can make. As a result, they tend to avoid behavior that will draw attention to their activity. A stark comparison to this is ransomware, which will literally announce its presence at a certain point during an attack. Cryptojacking, on the other hand, could operate for a considerable period of time without the victim ever even noticing.
In addition, nearly all of the symptoms of cryptojacking can result from any number of computer related issues. Many of these issues aren’t even exclusively related to malware or criminal activity. If you take a look at the list of symptoms below, chances are you will find you have experienced nearly all of them at some point in your computer-using career.
- Slow internet connection due to increased network traffic
- Reduced battery life (mobile devices)
- Overheating (of device or battery)
- System fans running louder than normal
- Increased electricity usage
That said, it does pay to be vigilant. If you notice that your computer seems to be working harder than normal, especially when visiting a specific website, this could be a sign that something is up. While it might take a trained eye to determine if cryptojacking is actually the culprit, it is worth bringing abnormal behavior to the attention of your IT department or IT consultant. Even if cryptojacking isn’t involved, the symptoms listed above are worth checking out for any number of other reasons.
What can we do to prevent cryptojacking?
This is where things start to get interesting. Cybercriminals are masters of taking a seemingly benign, well intentioned technology and using it for illicit activities. Cryptojacking is no exception.
Coin mining itself is a completely legal and legitimate use of computer hardware. Compounding the issue, in 2017 a company named Coinhive released software enabling web developers to implement a possibly legitimate form of browser-based coin mining on their websites. The idea was that consenting visitors could help fund a website by allowing the site to mine for cryptocurrency via their browser while they visited the site. Ideally this type of interaction could be used in lieu of advertising or subscriptions to support the creation of content on the web. With enough visitors, the revenue for the site could be considerable while the impact on visitors would be negligible.
This is all well and good, but it makes it very difficult to develop a system capable of distinguishing between cryptojacking and legitimate coin mining. Anti-malware providers such as Webroot, one of Bryley’s internet security partners, are starting to develop solutions capable of thwarting cryptojacking attempts and alerting victims to its presence. There is, however, no single security solution that is going to keep you safe from cryptojacking in every instance.
Actions you can take to help prevent cryptojacking include:
- Educate users on the possible signs of cryptojacking
- Deploy overlapping and layered security systems that limit remote access to your network
- Secure software used for remote desktop connection
- Keep your software up to date
- Only visit websites that you trust
- Notify your IT provider of your device appears to be unusually slow or working harder than normal, or if you experience a significant loss of battery life (especially on newer devices)
If you have any questions regarding cryptojacking, or any other cybersecurity concern, we are here to help. Simply give us a call at 978.562.6077 and select option 2.
Resources
- https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-cryptojacking-modern-cash-cow-en.pdf
- https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-sep-2018.pdf
- https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET_Trends_Report_2019.pdf
- https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-cryptojacking-modern-cash-cow-en.pdf
- https://www.symantec.com/blogs/threat-intelligence/cryptojacking-modern-cash-cow
- https://www.nextgov.com/cybersecurity/2018/03/ransomware-attacks-decline-number-strains-doubled-researchers-found/146540/
- https://www.techrepublic.com/article/why-cryptojacking-will-become-an-even-larger-problem-in-2019