Ransomware has been the talk of the IT town for the last few years, and we’ve covered it quite a bit ourselves. And while ransomware remains a very prevalent threat that’s expected to strike businesses every 14 seconds through the end of 2019, it may slowly be losing favor amongst cyber criminals who are turning to the next big thing: cryptojacking.
What’s behind the new threat?
It's not exactly new—it's just taken a backseat to ransomware. But this is likely to change. Two of the world’s leading cybersecurity firms, McAfee Labs in Santa Clara, California, and Kaspersky Labs in Moscow, Russia, report that ransomware is in decline, from 1.2 million in 2016-2017 to 750K in 2017-2018. Most experts agree that part of the reason for the decline is that organizations are refusing to give in to payment demands and reporting the attacks, lessening financial gains, and heightening the risk of detection for cyber criminals. During this same period, however, cryptojacking incidents rose from 1.9 million to 2.7 million. With such staggering numbers, why don’t we hear about cryptojacking nearly as much as we do ransomware? Because, while ransomware enters IT infrastructures like a bull in a china shop, scaring victims and making headlines, cryptojacking is stealthier and can fly under the radar for quite a while; and that’s by design.
What is cryptojacking?
Simply put, cryptojacking is the secret use of a computing device to mine cryptocurrency by stealing a computer’s processing power (this is often referred to as cryptomining; some of the most notable being Coinhive, Cryptoloot, and Rocks). Most users won’t notice anything unusual except that their computer might be running a little slower, or the fan might be working a bit harder. The longer a cryptominer can remain undetected, the more illicit cryptocurrency it can mine. This leaves the victim bearing the costs (like electricity) that are necessary to mine cryptocurrency, and the criminals get away with the tokens. We love the way tech writer Jeff Edwards explains cryptojacking: “imagine a stranger is using your house when you're off at work, using the water, the electricity, the heat— it's a bit like that. For hackers, the benefit is obvious: they can mine cryptocurrencies without paying the astronomical electric bills that generally come with such activity.”
How does a computer become cryptojacked?
The most popular way cryptojacking occurs is through malicious emails containing a link or an attachment; once clicked or opened, it runs code that downloads the cryptomining script on the computer. Unlike ransomware which would then sound bells and whistles and make a big production out of the event, the cryptojacking script works in the background without the victim’s knowledge. Another way cryptomining script can be injected into a computer is through infected websites; when visiting a site, a malicious ad may pop up in the victim’s browser and the script automatically executes. It’s frightening how easy it is—and that’s why cyber criminals are drawn to it.
“Compared with well-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler, more straightforward, and less risky,” explains McAfee Labs research. “All criminals must do is infect millions of systems and start monetizing the attack by mining for cryptocurrencies on victims’ systems. There are no middlemen, there are no fraud schemes, and there are no victims who need to be prompted to pay and who, potentially, may back up their systems in advance and refuse to pay.”
Who’s being affected by cryptojacking?
Individuals, as well as organizations—big and small, across every industry—are being affected. Some of the more high-profile incidents include a 2017 infection on a few of Showtime’s online streaming websites, in which script running in the background mined currency; reports state that the hidden parasite consumed as much as 60% of CPU capacity from visitors streaming on the site. In February of 2018, malicious cryptojacking code was discovered on the Los Angeles Times homicide report webpage; it sat there quietly mining currencies from visitors on the page until it was killed off by security researchers.
How can I detect and prevent cryptojacking?
Detecting cryptojacking requires close monitoring of processor usage on devices, sluggish or unusually slow response times (many corporations have been alerted to cryptojacking due to an unusual influx of complaints to the IT department regarding slow computers), or overheating. Companies may feel safe having installed desktop antivirus tools, but these won’t spot cryptominers, which makes prevention crucial. Prevention strategies include:
- Installing ad-blocking and anti-cryptomining extensions. Because cryptojacking scripts are often injected through web ads, ad blockers can often detect and stop them; web browser extensions like No Coin and MinerBlock can also help detect and block cryptomining scripts.
- Keeping web filtering tools current. If a page is identified as delivering cryptojacking script, make sure it is blocked from any further access.
- Restricting privileges. The less employees you have on the web, the less chance there is for a cryptojacking. Limiting online privileges to only those who need them to perform work-related tasks can reduce the possibility of infection.
- Creating a patch management plan. Ensure your organization is managing patches and upgrades for your software companies by developing a plan of action. There are also patch management programs that can scan systems to determine if any patches are needed.
- Educating employees. Just like with ransomware, education regarding suspicious links and attachments is critical. Unlike ransomware, however, employees can’t control if they’re infected when visiting a legitimate website, which is why ad blockers and other precautions are crucial.
Between ransomware and cryptojacking, today’s businesses are under attack. While ransomware will let you know immediately if you’re a victim, cryptoattacks will quietly drain you of money by using your electricity, and can cost you thousands in lost productivity by slowing down computer speeds and possibly crashing systems altogether. To protect yourself, it’s important to remain vigilant and keep systems current. A reputable cloud provider can help by offering 24/7 monitoring of systems, and deploying instant updates and patches. If you’re considering a move to the cloud, or a switch from your current cloud provider to prevent attacks of this nature, contact the experts at DSM, Florida’s preferred cloud provider.