The rise of cryptocurrencies like Bitcoin, Monero, and Ethereum has brought with it many benefits, including greater confidentiality of transactions, faster transaction times, and the elimination of transaction fees. However, it has also introduced new threats and risks, including the menace that is cryptojacking. To understand cryptojacking better, we must first consider the key concepts and terminology behind cryptocurrency.
Cryptocurrency and Blockchain
Cryptocurrency is a digital currency that can be used to make secure payments online. It was invented in 2009 after Satoshi Nakamoto (an alias) created a digital cash system while trying to develop a centralized cash system. This digital cash system is based on blockchain technology, which is used to create a time-stamped series of encrypted and immutable records of digital transactions. We can think of the cryptocurrency blockchain as a distributed public ledger. The records for each transaction (blocks) contain digital data, including details of the sender and receiver and the number of coins involved in the transaction, and are joined together using a cryptographic hash. These records are then stored as a public database (the chain). Cryptocurrencies can be used reliably because of the accuracy and transparency of the cryptocurrency blockchain. There is only one record of a digital transaction in a cryptocurrency blockchain, and it is permanent, unlike records in traditional databases.
Cryptomining and Cryptojacking
Cryptomining is simply the exchange of computer processing cycles for cryptocurrency. It can be defined as the process by which records of new cryptocurrency transactions are verified and added to the blockchain ledger. For a new record to be added, the hash function required for the new block to be joined to the blockchain must first be computed. Successfully computing this hash function introduces new coins into the existing circulation. This element is key to the functioning of cryptocurrencies as a decentralized entity. Anyone can compute this hash function and mine cryptocurrency for themselves, as long as they have the computer resources required.
Cryptojacking is malicious cryptomining in which cybercriminals use malware either to force the devices of unsuspecting victims into mining cryptocurrencies for them or to steal cryptocurrency wallets. These malicious cryptomining scripts are easily obtainable online and easy to deploy. Once introduced to the target device, they run behind the scenes, mining cryptocurrencies for the attackers. They typically remain undetected for a long time, as they are more difficult to detect than traditional hacking methods. Even when they are detected, it is very difficult to trace the attack back to the attackers. Due to these factors, cybercriminals are increasingly shifting their focus to cryptojacking attacks, as they offer a high potential for financial gain with minimal risk and effort.
The three main methods used by cybercriminals to maliciously mine cryptocurrencies are:
- File-Based Cryptojacking: In this method, the malware is deployed as an executable file. The malicious file can be distributed through means like email attachments. When run, a cryptomining script is launched in the background. The malicious code spreads within the IT infrastructure leveraging computer resources without the users’ knowledge.
- Browser-Based Cryptojacking: This method performs the cryptojacking attack directly within a web browser. The cryptomining script is typically embedded in ads or vulnerable plugins available on numerous websites. When a victim visits the website, the script runs automatically, with code being downloaded onto their computer, from where it spreads.
- Cloud Cryptojacking: In this method, attackers use compromised API keys to access their target’s cloud services. Once access is gained, the attackers leverage the unlimited CPU resources available for cryptomining, resulting in a massive increase in account costs.
Cryptojacking can adversely impact your entire business operation. It reduces productivity and increases costs. Organizations must be very vigilant, as malicious cryptomining code can easily evade detection. IT teams must watch for the tell-tale signs of cryptojacking, including increased processor usage, reduced performance of devices, overheating, and a sudden increase in power consumption. Enterprise websites should be regularly monitored for changes to webpages or any files on the web server. Adblockers, anti-cryptomining extensions, and security software should be employed to detect and block cryptomining scripts. Also, IT teams must stay up-to-date with the latest cryptojacking trends. Employees should be trained in the best cybersecurity practices to avoid possible malware infection, as well as in how to recognize and report warning signs to the IT team.