In February 2018 network administrators at Tesla discovered that hackers had “cryptojacked” their Amazon S3 cloud service. At about the same time, the IT department of a water treatment plant found cryptojackers had infiltrated a network server. Cryptojackers have even compromised the United States federal courts system. Cryptojacking is on the rise, and organizations with any significant computer processing power are becoming targets.
For years it seemed all hackers wanted to do was take stuff from computers: user ids, passwords, personal contact data, financial account information, and more. Lately, a new breed of cybercriminal wants to make something from other people’s computers: cryptocurrencies. The means by which individuals and groups try to make money from computing power is called cryptojacking.
There are ways to protect networks against such hijacks; however, they do require some effort, ingenuity and maybe some expense.
What is a Cryptocurrency?
Communities come together through a computer network called a Blockchain. Members of the communities transact business through digital currencies called cryptocurrencies. Blockchain creators use tokens as a symbolic representation of an individual unit of a cryptocurrency. (Similarly, traditional financial institutions trade currencies on the order of trillions of dollars daily; however, if any of us want to buy something, we require a “token” called a dollar bill or a euro note or what have you to make the purchase.)
The reason for the “crypto” prefix is that the computers on the network use special programs to solve complex mathematical problems, much like a cryptographer sets about cracking a code. When a computer cracks the code related to a transaction, it also mints a digital coin.
Minting these cryptocurrencies takes time, resources and know-how. The community members who have joined and invested in the Blockchain markets know, appreciate and place value on the cryptocurrencies as they come onto the community market. They use national currencies like the US dollar to buy cryptocurrencies to transact business in the community, or simply as a store of value that they sell when they feel their tokens have gained in value (or are beginning to devalue).
What is cryptojacking?
Cryptojacking involves illicitly using other computing devices to mine cryptocurrency for blockchain communities. Cryptojackers hope people will use real (i.e., national) currencies to buy the tokens on blockchains they host. Then, they abscond with the tokens and cash them in on coin exchanges. Criminal groups may also use investment in the unsanctioned coins to launder ill-gotten gains.
Anyone can create a malicious cryptojacking script today, especially with the various cryptojacking kits that can be purchased from the Dark Web for even less than $50. With so many hackers aiming to profit off this cheap hacking method, it gets more and more difficult to protect devices.
How can computers be cryptojacked?
One of the most popular means by which hackers introduce cryptojacking software onto computers is through browser hijacking. Browser hijacking involves the unwanted introduction of software onto internet browsers that alters the activity of the browsers. Browsers are the software “window” on the internet. People use browsers to see, search for and manipulate information on the internet.
Most browser hijacking occurs through phishing emails that entice computer users to click on links to websites that drop cryptojacking malware onto systems. Also, sometimes users click on advertisements that lead them to malicious websites intended for the same purpose.
So what does cryptojacking do to a computer?
Once the malware loads onto a computer, it begins mining for cryptocurrency and sending the results back to the hacker who launched the intrusion. Cryptojacking software doesn’t affect the user’s data or damage the computer. However, the malware steals precious CPU processing resources, which visibly slows down the system’s performance. Infected computers also use exponentially more electricity than uninfected devices, which can significantly increase household electricity bills.
How to prevent cryptojacking on devices?
To protect devices from being infected by malicious code, stay cautious and consider the following prevention steps:
- Instruct users to avoid downloading sketchy apps from unknown developers, and always check the background of the application before installing it on a machine.
- Users must also avoid clicking on links that arrive through emails from unknown parties. Hackers tend to send out official-looking emails that encourage users to click on a link, which will download a cryptojacking script in the background.
- Use ad-blockers like Adblock Plus and AdAway. Opera’s Ad Blocker also blocks cryptojacking software downloads.
- Manage mobile devices by using one of the many available mobile device management systems that clear the background of the device and manage apps. Security applications that send alerts when they detect a suspicious link or a website are also a good way to protect machines.
How to respond to cryptojacking?
Detecting a cryptojacking script is difficult. The software runs in the background and doesn’t interfere with data on a machine. Many users and administrators are not even aware of an infestation. Some more advanced cryptojacking malware can even hide from detection tools.
However, if a computer starts slowing down without reason, it’s been cryptojacked. Overheating and underperformance are also signs that the device could be infected. If machines start to slow down when users open a certain website, it is possible that an in-browser attack is taking place.
Users need to immediately close the browser tab they are running. This should stop the malicious script. Then, block that website to prevent it from being opened again. As a response to an in-browser attack, system administrators should manage and delete all browser extensions users don’t use or the ones that may be infected.
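The sign described above, machines slowing down while a certain website is open, can be checked across many endpoints at once. The following is an added example, not part of the original article: it assumes a hypothetical telemetry feed of per-minute browser CPU readings with the domains open in tabs, and the `.example` domains, sample rows and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed endpoint telemetry (not real data): one row per host per minute,
# (host, minute, browser CPU %, domains open in browser tabs at that moment).
SAMPLES = [
    ("ws-01", 0, 10, {"intranet.example"}),
    ("ws-01", 1, 14, {"intranet.example", "news.example"}),
    ("ws-01", 2, 93, {"intranet.example", "video-stream.example"}),
    ("ws-01", 3, 96, {"intranet.example", "video-stream.example"}),
    ("ws-01", 4, 11, {"intranet.example"}),
    ("ws-02", 0, 8, {"mail.example"}),
    ("ws-02", 1, 91, {"mail.example", "video-stream.example"}),
    ("ws-02", 2, 95, {"video-stream.example", "news.example"}),
    ("ws-02", 3, 15, {"news.example"}),
    ("ws-02", 4, 9, {"mail.example"}),
]

def suspect_domains(samples, high=80, min_samples=3, min_share=0.8, min_lift=40):
    """Map each suspect domain to (CPU lift in points, affected hosts)."""
    all_domains = set().union(*(row[3] for row in samples))
    cpu_open, cpu_closed = defaultdict(list), defaultdict(list)
    hosts = defaultdict(set)
    for host, _minute, cpu, domains in samples:
        for d in all_domains:
            if d in domains:
                cpu_open[d].append(cpu)
                hosts[d].add(host)
            else:
                cpu_closed[d].append(cpu)
    findings = {}
    for d in all_domains:
        on, off = cpu_open[d], cpu_closed[d]
        # No baseline (always open) or too few samples: cannot judge this domain.
        if len(on) < min_samples or not off:
            continue
        share_high = sum(c >= high for c in on) / len(on)
        lift = mean(on) - mean(off)
        # Flag only sustained load that disappears when the tab is closed.
        if share_high >= min_share and lift >= min_lift:
            findings[d] = (round(lift, 1), sorted(hosts[d]))
    return findings

if __name__ == "__main__":
    for domain, (lift, affected) in suspect_domains(SAMPLES).items():
        print(f"{domain}: +{lift} CPU points on {affected} -> review and block")
```

A legitimate but CPU-heavy site (video conferencing, for example) produces the same pattern, so a flagged domain is a candidate for review before it is added to the block list, not proof of mining.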
Overall, network and machine owners need to stay cautious about the apps they install, as well as links and advertisements that lead to unknown web addresses. Even though cryptojacking is not an immediate threat to data, it may be paving the way for malware that is damaging to the business. No network administrator wants their machines slowing down and under-performing, especially if an enterprise is dependent on them for its success.
Coranet is a certified Woman-Owned Information Technology Organization that has been meeting the requirements of Enterprise and Government entities for over 30 years. Network Engineering and Technical Support is part of our foundation and we continue this proud tradition with a 360-degree approach to technology solutions and services in the areas of Audio Visual, Network & Physical Security, IT Infrastructure, and Consulting/Project Management. Coranet is ISO 9001 registered, Lean Six Sigma and WBENC certified.