What You Should Know About Cryptojacking

Cryptojacking is a notorious method of covertly using a victim's machine to mine cryptocurrency for the attacker. The victim is not informed about the mining; the attacker simply uses the victim's CPU power and platform as the infrastructure for the crime. Just as ransomware holds a system hostage so the attacker can collect a ransom, cryptojacking uses the victim's CPU power to mine a good amount of currency for the attacker.

Cryptojacking has become more common, fueled by the increasing value of various cryptocurrencies. Many malicious applications either secretly embed cryptocurrency mining code in the JavaScript of websites, such as Coinhive's software, or take over computers by injecting malware, and this ease draws attackers towards cryptojacking. Besides the obvious influence of rising cryptocurrency values, criminals' interest in cryptojacking has been growing for the following reasons:

  • Criminals want easy money efficiently, and cryptojacking attacks are very low-effort attacks.
  • Since these attacks only require simple scripts, browser-based cryptojacking doesn't require the level of skill needed to prepare malware for traditional threats.
  • As resources are being stolen instead of data, not all organizations understand the risk associated with cryptojacking.
  • Lastly, cryptojacking is not easy to detect once it has taken hold in your organization, as the symptoms of these attacks are very basic, like slower systems, rising electricity bills, etc.

According to the Digital Shadows report "The New Gold Rush: Cryptocurrencies Are the New Frontier of Fraud", cryptojacking kits are available on the dark web for as little as $30.

Types of Cryptojacking 

There are two types of cryptojacking:

File-based cryptojacking attacks: These attacks enter a corporate network like any other malware. They are self-propagating, spreading through the network and creating huge cleanup costs. They may also infect other internal systems as they propagate.

Browser-based cryptojacking attacks: These attacks don't need to get into your system. This means that whenever an employee visits websites on organizational devices, the organization's security could be at risk. The attacker plants malicious cryptojacking code on a vulnerable website. As soon as an employee logs in to such a website for some reading or e-commerce activity, the employee's device becomes processing power for the attacker. As long as the web browser is running, the attacker benefits from the malicious code. Harnessing the machine, the attacker performs the computation needed to update the blockchain and release new currency. The mined currency becomes the attacker's earnings, while the additional infrastructure and server costs fall on the organization.

“Cryptojacking via browsers also means that even people whose machines are fully patched are potential victims” 

How Does Cryptojacking Work

Cryptojacking as a concept was first taken up by a company called Coinhive, where the idea of mining cryptocurrency in the browser took root. Under this proposal, the website owner was paid even if the visitor did not view any ads. While a reader read news or an article in the browser, or worked on some web page, a JavaScript containing crypto mining code ran in the background to mine 'Monero' instead of ads being shown. The JavaScript instructed the computer to start mining these coins. This was an ethical concept in the world of the Internet.

But cyber criminals, as we know, cannot leave a technology alone, and they tamper with the security of every new feature introduced by ethical researchers. In a cryptojacking attack, the criminal does not ask the website visitor for permission and starts mining cryptocurrency in an unauthorized manner. Also, in ethical and authorized processes CPU usage is capped at a maximum of 60%, while in a cryptojacking attack the device's CPU usage goes to 100%. Such extensive CPU use also drains the battery faster. The malware also spreads in the system and infects other linked systems as well. A few malware families are able to spread over the network and affect every system on it, which makes them potentially dangerous during a cryptojacking attack.
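The CPU behaviour described above can be turned into a simple endpoint check. The following is an added example, not code from the original article: it flags processes whose CPU stays above the 60% figure for several consecutive samples. The run length, dip tolerance, field names and telemetry rows are assumptions constructed for illustration.

```javascript
// Added example: flag processes whose CPU stays pinned, from sampled telemetry.
// Thresholds are assumptions; 60 is the article's cap for authorized mining.
const CPU_CEILING = 60; // percent; a sample above this counts as "hot"
const MIN_HOT_RUN = 5;  // hot samples needed in one run before alerting
const MAX_DIP = 1;      // consecutive cooler samples tolerated inside a run

function findSustainedCpu(samples) {
  // Group samples per process so each one is judged on its own timeline.
  const byProc = new Map();
  for (const s of samples) {
    const key = `${s.host}/${s.pid}/${s.name}`;
    if (!byProc.has(key)) byProc.set(key, []);
    byProc.get(key).push(s);
  }
  const alerts = [];
  for (const [key, rows] of byProc) {
    rows.sort((a, b) => a.t - b.t);
    let hot = 0, dips = 0, start = null, peak = 0;
    for (const r of rows) {
      if (r.cpu > CPU_CEILING) {
        if (hot === 0) start = r.t;
        hot++; dips = 0; peak = Math.max(peak, r.cpu);
      } else if (hot > 0 && ++dips > MAX_DIP) {
        // Too many cool samples in a row: close the run and judge it.
        if (hot >= MIN_HOT_RUN) alerts.push({ key, start, hotSamples: hot, peak });
        hot = 0; dips = 0; peak = 0;
      }
    }
    if (hot >= MIN_HOT_RUN) alerts.push({ key, start, hotSamples: hot, peak });
  }
  return alerts;
}

// Constructed telemetry: one sample per minute (t in seconds), cpu in percent.
const mk = (host, pid, name, cpus) =>
  cpus.map((cpu, i) => ({ host, pid, name, t: i * 60, cpu }));
const SAMPLE_TELEMETRY = [
  ...mk("ws-17", 4321, "browser", [98, 99, 100, 97, 55, 99, 100]), // pinned
  ...mk("ws-17", 880, "backup", [90, 85, 20, 15, 10]),             // short burst
  ...mk("ws-22", 1200, "compiler", [95, 96, 97, 30, 20, 94]),      // short burst
];

console.log(findSustainedCpu(SAMPLE_TELEMETRY));
```

Only the browser process is reported; the short backup and compiler bursts end before the run length is reached.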

To increase its ability to spread across a network, cryptomining malware might include multiple versions to account for different architectures on the network. In an example from an AT&T Alien Labs blog post, the cryptomining code simply downloads the implants for each architecture until one works.

Impact of Cryptojacking 

Symantec's Internet Security Threat Report has recorded an increase in these attacks of over 8500% since 2017. Cryptojacking can be a nuisance to your employees, who may experience slower performance or end up with overheated or completely unusable devices. More importantly, these attacks can bring unexpected increases in business costs due to higher electricity bills, faster device turnover and increased cloud-based CPU usage.

In February 2018, an attacker injected a crypto mining script into Browsealoud's JavaScript library, which was used in around 4,000 UK and US government websites among others. As a result, a large number of taxpayer-funded and/or subsidized websites were co-opted into illegal crypto mining.
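Browser-based attacks such as the Browsealoud incident reach visitors through scripts a page loads. The following is an added example, not code from the original article: it audits a page's script tags for third-party scripts loaded without an `integrity` attribute and for miner indicator strings. The indicator list, URLs and sample HTML are assumptions constructed for illustration.

```javascript
// Added example: audit a page's <script> tags for cryptojacking exposure.
// Indicator list is illustrative; "coinhive" is the miner the article names.
const MINER_INDICATORS = [/coinhive/i, /cryptonight/i];

// Parse the attribute text of one tag into a lower-cased name/value map.
function parseAttrs(attrText) {
  const attrs = {};
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Walk every script element and record what a reviewer should look at.
function auditScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    const src = attrs.src ? new URL(attrs.src, pageUrl) : null;
    const label = src ? src.href : "(inline)";
    // A third-party script with no integrity value can change without notice.
    if (src && src.origin !== pageOrigin && !attrs.integrity) {
      findings.push({ script: label, issue: "third-party script without integrity" });
    }
    const haystack = (src ? src.href : "") + "\n" + m[2];
    if (MINER_INDICATORS.some((ind) => ind.test(haystack))) {
      findings.push({ script: label, issue: "miner indicator" });
    }
  }
  return findings;
}

// Constructed sample page (hosts and file names are placeholders).
const SAMPLE_PAGE_URL = "https://intranet.example/news";
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/reader.js" async></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://miner.example.org/coinhive.min.js"></script>
<script>var pool = "coinhive-relay.example";</script>
`;

console.log(auditScripts(SAMPLE_HTML, SAMPLE_PAGE_URL));
```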

Each organization can safeguard its sensitive data from such attacks by spreading awareness among employees and taking necessary precautionary measures such as anti-malware software.