How to prevent cryptojacking: Recognizing and avoiding ransomware’s heir apparent


Ransomware has long been hackers’ go-to attack for a quick payout. But a new type of exploit potentially offers more consistent revenue.

Meet cryptojacking.

While cryptojacking is a relatively new threat, its leech-like attack has already latched on to over 4,000 websites, including government sites in the U.S. and U.K. Even smartphones aren’t safe – in early 2018, Malwarebytes identified millions of smartphones that were hijacked for mining cryptocurrency, with phones growing so hot from the processing they were at risk of melting.

While it’s hard to say how much money is made through cryptojacking, security researchers estimated that just one cryptomining botnet of more than half a million machines had collected $3.6 million by the end of January.

How does cryptojacking work and what can you do to stop it from infecting your systems? Let’s start from the beginning.

What is cryptojacking?

Cryptojacking is when hackers steal your devices’ processing power to mine cryptocurrency.

The cryptomining code hangs out in the background processes of your computer, or can work from JavaScript code in a web browser, slowly sapping your computing power, potentially to the tune of millions of dollars.

The appeal for hackers is convenience and consistency – cryptojacking is a gift that keeps on giving. It’s why cryptojacking is taking market share away from ransomware, which only nets hackers a one-time payday, if that. Cryptojacking can potentially run indefinitely without an infected organization even knowing its devices are bankrolling hackers.

How hackers infect your systems for cryptojacking

Cryptojacking code can infect your system the same way ransomware does: when employees click links or open attachments in suspicious emails. But you can also become infected by visiting a compromised website, which installs the code in the background while you browse.

The Los Angeles Times was one of those sites. A misconfigured AWS S3 storage bucket allowed hackers to drop in some code that hijacked processing power from visitors to the LA Times Homicide Report webpage.

Another way is by hackers breaking in. One of Tesla’s internal AWS cloud servers was busy mining cryptocurrency until independent researchers pointed it out to the company. Both attacks happened for the same reason: Tesla and the Los Angeles Times left their clouds unsecured, with the door wide open for hackers.

How to tell if you’ve been infected

The signs of cryptojacking are not immediate red flags – overall system slowness, overheating, random restarts, and the fan running hard are all signs that cryptojacking is overworking your device.

There are a few other things to look for at an organizational level: excessive help desk calls for the symptoms above, unusual spikes in processing activity, and an increase in system and machine repair costs.

Cryptojackers can be sneaky – if they know your organization’s office is open from 8 a.m. to 4 p.m., they may ramp up their mining operations in the middle of the night when users aren’t there to notice a performance slowdown. Make sure to track your processing activity over a 24-hour period to spot any anomalies.
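
One way to run that 24-hour check, as an added example that is not part of the original article: the script compares each host's off-hours CPU with its own business-hours baseline and flags sustained overnight load. The host names, hourly samples, 80% threshold and four-hour minimum are constructed assumptions; the 8 a.m. to 4 p.m. window is the one used in the paragraph above.

```python
from collections import defaultdict
from statistics import mean

BUSINESS_HOURS = range(8, 16)  # 8 a.m. to 4 p.m., the article's example office hours
HIGH_CPU = 80.0                # assumed "pegged" threshold, percent
MIN_SUSTAINED_HOURS = 4        # assumed minimum run of hot off-hours samples

def longest_run(hot_hours):
    """Longest streak of consecutive hours in hot_hours, counting across midnight."""
    best = run = 0
    for h in range(48):  # walk the day twice so 23:00 -> 00:00 stays one streak
        run = run + 1 if h % 24 in hot_hours else 0
        best = max(best, run)
    return min(best, 24)

def find_off_hours_load(samples):
    """samples: iterable of (host, hour 0-23, cpu percent). Returns flagged hosts."""
    by_host = defaultdict(dict)
    for host, hour, cpu in samples:
        by_host[host][hour] = cpu
    findings = {}
    for host, hourly in by_host.items():
        busy = [c for h, c in hourly.items() if h in BUSINESS_HOURS]
        quiet = [c for h, c in hourly.items() if h not in BUSINESS_HOURS]
        if not busy or not quiet:
            continue  # need both windows to compare against a baseline
        hot = {h for h, c in hourly.items() if h not in BUSINESS_HOURS and c >= HIGH_CPU}
        run = longest_run(hot)
        # Require nights busier than days so an always-busy build server is not flagged.
        if run >= MIN_SUSTAINED_HOURS and mean(quiet) > mean(busy):
            findings[host] = {"business_avg": round(mean(busy), 1),
                              "off_hours_avg": round(mean(quiet), 1),
                              "sustained_hours": run}
    return findings

def build_sample():
    """Constructed 24-hour data for three hypothetical hosts."""
    samples = []
    for hour in range(24):
        working = hour in BUSINESS_HOURS
        overnight = hour >= 22 or hour < 5
        samples.append(("ws-normal", hour, 35.0 if working else 5.0))
        samples.append(("ws-suspect", hour,
                        95.0 if overnight else 30.0 if working else 10.0))
        samples.append(("build-01", hour, 85.0))
    return samples

if __name__ == "__main__":
    print(find_off_hours_load(build_sample()))
```

A flagged host is a lead to investigate, not proof of mining: scheduled backups or patch jobs produce the same shape and need to be ruled out first.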

How to protect your organization

Unfortunately, simple antivirus software can’t detect cryptojacking code on your system since it isn’t executable. Here are some other ways to protect your processing power from hackers:

  1. Mind your browser. Your first line of defense is keeping your browser and its extensions up to date. Add anti-cryptomining extensions like No Coin and Miner Block that search for the specific HTML or JavaScript codes that cause cryptojacking. Use JavaScript blockers and ad blockers as well. Basically, attempt to stop any incoming scripts or code that could compromise your systems.
  2. Filter infected websites. Add web filtering tools so you can block any sites that are running cryptojacking scripts. Make sure you keep these filters updated – many more sites are likely to become infected.
  3. Expand security awareness. Start incorporating cryptojacking knowledge into your security awareness training. Emphasize to users the risk of phishing emails and suspect sites and what the tell-tale signs are.

While cryptojacking is less disruptive than ransomware, it can still be time-consuming and expensive if your IT help desk has to respond to a flood of complaints about performance or overworked computers. Replacing hardware that’s prematurely burnt out is another risk.

But by recognizing the signs of cryptojacking and taking steps to avoid it, you can help keep the coin out of hackers’ pockets.
