Cryptojacking has overtaken ransomware as one of the biggest cybersecurity threats, but it’s one that’s often overlooked.
In the far-off times of 2009, Bitcoin became the world’s first decentralized cryptocurrency. No one knew the true identity of the person or people who invented it. So, we just use the pseudonym Satoshi Nakamoto, referred to in the original Bitcoin white paper instead. Fast-forward 10 years, and we’ve since seen dozens of other cryptocurrencies enter the market as well as a sharp rise, and dramatic crash, in their values in the last few years.
Where there’s money to be made, there’s the constant threat of cybercrime. The anonymous nature of cryptocurrency transactions makes them the perfect cover for illegal operations. The dramatic rise of ransomware in recent years is undoubtedly the best-known example. Rather than ask for ransoms in easily trackable mainstream currencies, attackers demand payments in cryptocurrency, typically Bitcoin.
Although the cryptocurrency market crashed in 2018, following an unprecedented boom-and-bust the previous year, cryptocurrency still has value, and it demonstrates growth from time to time just like most mainstream currencies. And, there’s another way to obtain these virtual currencies aside from transactions – mining. Mining refers to the use of computing resources to validate transactions. This gives cybercriminals a new opportunity to make bank – by taking over victim’s machines and using their resources to create virtual currency.
The new favorite cash cow for cybercriminals
2017 was a year of ransomware, with various high-profile attacks like WannaCry and NotPetya making headlines around the world. But ransomware often isn’t very profitable, with hackers only having a three percent success rate of getting someone to pay to recover an infected computer. It also comes with a substantially higher risk of getting caught than many other attacks. That’s not the case with the new threat – cryptojacking.
First, let’s look at the background. It takes a lot of computing resources to mine anything more than a trivial amount of cryptocurrency. During the cryptocurrency boom, miners were building powerful machines and running them around the clock. Discrete graphics cards, which have traditionally been marketed to gamers and 3D designers, soared in price and entire server farms were assembled for the sole purpose of mining cryptocurrencies. Then, as the currencies crashed in 2018, people soon found out that the value of the cryptocurrencies their machines could mine wasn’t even enough to pay for the electrical consumption.
A recent study by Kaspersky quantified the power consumption and environmental impacts of cryptocurrency mining. Some estimates suggest that the total amount of energy consumed by Bitcoin miners worldwide is comparable to the entire energy consumption of the Czech Republic, a country with more than 10-million people.
Less honorable cryptocurrency miners soon found the perfect solution – use someone else’s computer to do the job and have them foot the bill instead. Cryptojacking was born. Using many of the same tactics as those used to spread ransomware, criminals are now infecting millions of computers across thousands of networks with cryptojacking malware, which mines digital currencies and sends the funds directly to their anonymous digital wallets.
To do it, criminals usually rely on social engineering tactics to dupe victims into loading malicious code onto their computers and wider networks. Another method, which requires a bit more technical expertise, is to inject malicious scripts into a vulnerable website or app and have it delivered to many computers that access them. The hacker then ends up with a huge network mining cryptocurrency at someone else’s expense.
Cryptojacking scripts are now widely available on the dark web marketplaces in the form of ‘malware-as-a-service.’ This trend allows almost anyone to get involved, regardless of the limitations of their technical skills. To make matters worse, cryptojacking infections don’t require any downloads, and scripts run discretely, so they can operate for a long time undetected. The most popular cryptocurrencies to mine include lesser-known ones like Monero and Zcash, because they make it even harder to track illegal activity that the far more widespread Bitcoin.
What cryptojacking means for your business
While it’s true that malicious mining is far less destructive than ransomware and many other cyber-threats, that doesn’t mean it’s something to take lightly. Cryptojacking attacks can result in both direct and indirect losses for a business. After all, the victims are the ones paying for all the computing power used. Aside from a substantial increase in electrical consumption, mining increases the wear and tear on hardware by having processing cores, including those belonging to discrete graphics cards, working overtime to mine ill-gotten cryptocurrency. These direct costs are compounded by the fact that cryptojacking attacks often go unnoticed for many months, and it’s often difficult to quantify their true costs. A recent study by Kaspersky even found that after maliciously mining cryptocurrency for two days’ straight using mobile mining malware, the infected devices’ batteries started to expand to the point of physically deforming the phones.
All this wasted bandwidth also decreases the speed and efficiency of legitimate computing workloads. Most of us have experienced the frustrating situation when our computers grind to a halt due to a program consuming all available resources. Although there are many legitimate cases for this, such as automatic updates or resource-intensive background tasks, malicious mining shouldn’t be one of them! When you have cryptojacking malware overwhelming a system, it can cause severe performance problems, which will have an immediate effect on your end users and, ultimately, your customers. If, for example, a healthcare provider is targeted, staff could be unable to quickly and reliably access critical patient health information. Attacks have also targeted critical infrastructure, including a water company in Europe.
On the face of it, cryptojacking might seem like a simple hack, but the cybercriminals who deploy such attacks could be more risky than just opportunistic parasites. Like ransomware, cryptojacking may itself be used as a decoy to draw attention away from even more serious attacks. Other attacks may be combined with fake antivirus software to bombard victims with ads claiming they must pay to have their devices cleaned in a worrying blend of malicious mining and ransomware. On the surface, attacks might look financially motivated, but the potential of cryptojacking malware to overload infected systems and cause physical damage might be the real end goal.
How can you protect your business?
IT business leaders should never underestimate the damage that malicious mining can do. To mitigate the risks, they must use reliable security solutions across all devices, including public terminals, IoT devices and anything else with an internet connection. To protect against cryptojacking attacks specifically, it’s also necessary to monitor processor usage across all endpoints, including those hosted in the cloud. Finally, be sure to look out for any frequent queries to IP addresses belonging to cryptocurrency mining pools. By taking these steps to protect yourself, you’ll keep your computers working for you, and not for someone else.
Article reflects the opinions of the author.
Article published in 2019.