
Cryptojacking Defense

Cryptojacking is a term for illicit cryptocurrency mining. This cyberattack can impact individuals as well as organizations of all sizes. This article will explore this threat and what you can do about it.

Cryptocurrency

You have likely heard of cryptocurrency. You may fall anywhere along the spectrum, from cryptocurrency being an important presence in your day-to-day life to it being something that completely disinterests you, to the point where you already know all that you plan to know about it, which is nothing. Regardless of your position and level of involvement with cryptocurrencies, cryptojacking threats will persist, so you ought to at least know enough about this threat to protect yourself from it.

Cryptocurrencies began in 2009 and have evolved to become a more mainstream method for investing and for conducting transactions online.[1] Cryptocurrency offers a distributed model of making payments to another party using cryptographic technology and a “proof”, which replaces the trusted third party, such as a financial institution, in other two-party exchanges of electronic money. It took little time for cryptocurrency to become a tool for criminal activity, with underground markets appearing on the “dark web” which sell drugs, weapons, stolen data, zero-day exploits, and malware. Cryptocurrencies have also been used to pay ransoms in ransomware attacks.

Cryptocurrencies are created through a process called mining. Through mining, digital currency is awarded to individuals or groups that leverage their computer processing resources to solve complex mathematical equations. In most cases, these individuals and groups have consented to this use of their computer processing capacity, but in other cases, cyberattackers engage in cryptojacking: stealing a victim’s computer processing power (and electricity) to produce revenue that can be used to support their criminal activities.

Cryptojacking

The majority of cryptojacking cases are relatively unsophisticated cyberattacks carried out through spam email campaigns, phishing, exploit kits, or direct exploitation, often exploiting known vulnerabilities with patches available. These cyberattacks are a low investment and result in a large number of victims paying out small amounts of cryptocurrency, making these schemes attractive and profitable. Consequently, cryptojacking cases have been increasing dramatically and are increasingly targeting IoT devices, personal computers, and media devices such as smart TVs, cable boxes, and DVRs.

Cryptocurrency mining has two main methods: binary-based mining and browser-based mining. Both can be used legitimately or as a tool for cryptojacking.

Binary-based mining. Binary-based mining is mining conducted by a compiled executable program or application that runs on a device.

Browser-based mining. Browser-based mining is mining conducted entirely within a browser via the JavaScript engine.

With either method, an individual could have knowingly or unknowingly installed software or run scripts that allowed cyberattackers to use that individual’s system to mine.

Follow these tips to detect and obstruct cryptojacking:

  • Use machine learning and AI to create a baseline which will help to detect unusual network traffic
  • Monitor power consumption and CPU activity
  • Check system privileges and policies
  • Monitor DNS query logs for text strings relating to cryptocurrency mining
  • Check running processes for command-line arguments used by cryptocurrency mining software
  • Monitor firewall and web proxy logs
  • Conduct real-time performance and system monitoring
  • Apply whitelists and blacklists
  • Train end users on cyber hygiene best practices
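
The DNS-log and command-line checks from the list above can be sketched as follows. This is an added example, not code from the original article; the keyword list, the patterns, the log layouts, and the sample lines are assumptions constructed for illustration and should be tuned to your own environment.

```python
import re

# Illustrative indicators (assumptions, not from the article); tune per environment.
DNS_KEYWORDS = {"xmr", "monero", "minexmr", "nanopool", "coinhive", "cryptonight", "stratum"}
CMDLINE_PATTERNS = {
    "pool_url": re.compile(r"stratum\+(tcp|ssl)://", re.I),   # mining pool protocol URL
    "donate_level": re.compile(r"--donate-level\b", re.I),    # XMRig option
    "algo_coin": re.compile(r"--(algo|coin)[= ]\S+", re.I),   # algorithm/coin selection
    "miner_name": re.compile(r"\b(xmrig|minerd|cpuminer)\b", re.I),
}

# Constructed sample data: "timestamp client qname" and "pid cmdline" lines.
SAMPLE_DNS = """\
2024-01-01T10:00:01 10.0.0.5 www.example.com
2024-01-01T10:00:02 10.0.0.7 pool.minexmr.example
2024-01-01T10:00:03 10.0.0.7 xmr-eu.pool.example
2024-01-01T10:00:04 10.0.0.9 mail.example.org
"""
SAMPLE_PS = """\
412 /usr/sbin/sshd -D
977 /tmp/a.out -o stratum+tcp://pool.example:3333 -u WALLET --donate-level 1
1020 python3 app.py --coin-report daily
"""

def suspicious_dns(log_text):
    """Return (client, qname) pairs where a DNS label token is a mining keyword."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        # Match whole tokens, not substrings, to limit false positives.
        tokens = set(re.split(r"[.\-]", qname.lower()))
        if tokens & DNS_KEYWORDS:
            hits.append((client, qname))
    return hits

def suspicious_processes(ps_text):
    """Return (pid, [indicator names]) for command lines matching miner patterns."""
    hits = []
    for line in ps_text.splitlines():
        pid, _, cmdline = line.strip().partition(" ")
        if not pid.isdigit():
            continue  # skip headers or malformed lines
        matched = [name for name, rx in CMDLINE_PATTERNS.items() if rx.search(cmdline)]
        if matched:
            hits.append((int(pid), matched))
    return hits
```

Process 977 is flagged by its arguments even though the binary name is uninformative, while `--coin-report` on process 1020 is not matched.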

[1] CTA, 2021, “The Illicit Cryptocurrency Mining Threat”