It can affect your organisation…
With the increase in popularity and value of cryptocurrencies, interest in malicious cryptomining malware is also growing strong. Cryptocurrencies use cryptography to secure transactions and mint new virtual coins, which are generated when computers loaded with cryptomining software perform complex mathematical calculations. The user who successfully completes each calculation gets a reward in the form of a tiny amount of that cryptocurrency.
What is cryptojacking?
Cryptojacking (from “cryptocurrency” and “hijacking”) is the unauthorized use of someone else’s internet-connected devices to mine Ethereum, Monero or any other kind of digital cash. When an attack is complete, the crypto mining code keeps running in the background, often unsuspected by the owner, to mine virtual cash for the hacker. Unlike in ransomware cases, where sensitive data may get compromised, the victim mostly doesn’t try to track down the source. The cryptomining malware does not steal, corrupt or encrypt any of the owner’s data, hence detecting it becomes hard. This explains the increase in popularity of cryptojacking among hackers as a lower-risk and more profitable avenue. Currently hackers prefer Monero and Zcash over more popular cryptocurrencies like Bitcoin because it is harder to track the illegal activity back to them.
How can it harm your devices?
Since mining is a very processor-intensive process, it requires more power. Thus a cryptojacked device will draw more power and quickly drain its battery. Also, to prevent overheating, the fan of the machine needs to run faster. However, even with proper cooling, the increased heat over the long term damages the hardware of the device, and in extreme cases it blows up IoT devices. Another sign is slower performance or lags in execution, since cryptojacking steals CPU processing resources.
Cryptojacking not only harms the individual whose computer is being hacked but also affects universities, companies and other large organizations. A large number of cryptojacked machines across an institution can consume substantial amounts of electricity and damage large numbers of computers. Since cryptojacking can go undetected for a long time, it would be difficult for an organisation’s employees to cope with slower computer performance. Not to mention the time and energy spent tracking down performance issues and replacing components or systems in the hope of solving the hitch.
How is it done?
There are two ways hackers deploy cryptojacking on a victim’s computer:
- Tricking a user into loading cryptomining code onto their computer. This is done by luring victims to click on a legitimate-looking email that leads them to a webpage or a website where the mining script is embedded. The script is placed on the victim’s device and keeps running in the background.
- Injecting crypto mining scripts into pop-up ads that are then distributed to several legitimate websites, which then unknowingly serve them to their visitors. No code is stored on the user’s computer.
No matter which variant is used, when the code runs, the user’s device carries out complex mathematical calculations and sends the results to a server that the hacker controls.
Which devices does it affect?
Cryptojacking can affect machines including PCs, servers, smartphones, laptops, tablets and even Internet of Things connected devices such as security cameras, sensors, smart TVs, smart speakers, toys, wearables, smart appliances, actuators etc.
How to stop it?
Organisations that are concerned their computers may have been subjected to cryptojacking can take the following approaches:
- Cryptojacking scripts are not viruses, but running an up-to-date antivirus program or endpoint protection can identify and block them.
- Users should also regularly install software updates that would block any malicious software running in the background.
- Installing an ad-blocking or anti-crypto mining extension in the web browser is another way to keep cryptojacking code from being accidentally downloaded onto the user’s system.
- Deploying a network monitoring solution can help prevent or detect cryptomining malware affecting a number of systems.
- Maintaining up-to-date browser extensions and web filtering tools, which would block users (employees in an organisation) from reaching web pages loaded with cryptojacking scripts.
- Monitoring your own web servers and websites for file changes, which may contain hidden crypto-mining code.
- Technical solutions can sometimes fail to cover cryptojacking; employee training can help users know about the malware beforehand.
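One way to implement the file-change monitoring from the list above, as an added example that is not part of the original article: it compares a web root against a stored hash baseline and reports any external script hosts that appear in changed files. The function names and the allowlist of script hosts are assumptions for illustration.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import urlparse

# Matches the src attribute of a <script> tag in HTML.
SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.IGNORECASE)

def snapshot(web_root):
    """Map each file's path (relative to the web root) to its SHA-256 digest."""
    root = Path(web_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def diff_snapshots(baseline, current):
    """Return the files added, modified and removed since the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(f for f in shared if baseline[f] != current[f]),
        "removed": sorted(set(baseline) - set(current)),
    }

def unexpected_script_hosts(web_root, files, allowed_hosts):
    """List (file, host) pairs for external scripts whose host is not allowlisted."""
    findings = []
    for rel in files:
        text = (Path(web_root) / rel).read_text(errors="replace")
        for src in SCRIPT_SRC.findall(text):
            host = urlparse(src).hostname  # None for same-site relative paths
            if host and host not in allowed_hosts:
                findings.append((rel, host))
    return findings

def audit(web_root, baseline, allowed_hosts):
    """Diff the web root against the baseline and inspect only what changed."""
    changes = diff_snapshots(baseline, snapshot(web_root))
    changed = changes["added"] + changes["modified"]
    changes["unexpected_hosts"] = unexpected_script_hosts(
        web_root, changed, allowed_hosts)
    return changes
```

Store the baseline from `snapshot()` somewhere the web server cannot write to, and refresh it only after a reviewed deployment.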
Crypto-mining hackers constantly keep changing their techniques to avoid detection. At Aspioneers, we advise businesses to beware of this new IoT security threat and constantly take steps to protect their systems.