How to prevent cryptojacking: Recognizing and avoiding ransomware’s heir apparent
Ransomware has long been hackers’ go-to attack for a quick payout. But a new type of exploit potentially offers more consistent revenue.
While cryptojacking is a relatively new threat, its leech-like attack has already latched on to over 4,000 websites, including government sites in the U.S. and U.K. Smartphones aren’t even safe – in early 2018, Malwarebytes identified millions of smartphones that were hijacked for mining cryptocurrency, with phones growing so hot from the processing they were at risk of melting.
While it’s hard to say how much money is made through cryptojacking, security researchers estimated that just one cryptomining botnet of more than half a million machines had collected $3.6 million by the end of January.
How does cryptojacking work and what can you do to stop it from infecting your systems? Let’s start from the beginning.
What is cryptojacking?
Cryptojacking is when hackers steal your devices’ processing power to mine cryptocurrency.
The appeal for hackers is convenience and consistency – cryptojacking is a gift that keeps on giving. It’s why cryptojacking is taking market share away from ransomware, which only nets hackers a one-time payday, if that. Cryptojacking can run potentially indefinitely without an infected organization even knowing their devices are bankrolling hackers.
How hackers infect your systems for cryptojacking
Cryptojacking code can infect your system the same way ransomware does: when employees click links or open attachments in suspicious emails. But you can also become infected by visiting a compromised website, which installs the code in the background while you browse.
The Los Angeles Times was one of those sites. A misconfigured AWS S3 storage bucket allowed hackers to drop in some code that hijacked processing power from visitors to the LA Times Homicide Report webpage.
Another way is by hackers breaking in directly. One of Tesla’s internal AWS cloud servers was busy mining cryptocurrency until independent researchers pointed it out to the company. The root cause of both incidents is that Tesla and the Los Angeles Times left their cloud environments unsecured, with the door wide open for hackers.
How to tell if you’ve been infected
The signs of cryptojacking are not immediate red flags – overall system slowness, overheating, random restarts, and the fan running hard are all signs that cryptojacking is overworking your device.
There are a few other things to look for at an organizational level: excessive help desk calls for the symptoms above, unusual spikes in processing activity, and an increase in system and machine repair costs.
Cryptojackers can be sneaky – if they know your organization’s office is open from 8 a.m. to 4 p.m., they may ramp up their mining operations in the middle of the night when users aren’t there to notice a performance slowdown. Make sure to track your processing activity over a full 24-hour period, not just during office hours, to spot any anomalies.
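One way to put that 24-hour tracking into practice, as an added example that is not from the original article: the script below takes hourly CPU readings (constructed here for two hypothetical workstations) and flags any off-hours reading that far exceeds the host’s own business-hours baseline. The host names, the 1.5x ratio and the 50% floor are assumptions you would tune to your own fleet.

```python
from statistics import median

# Office hours from the article: 8 a.m. to 4 p.m. (hours 8..15 inclusive).
BUSINESS_HOURS = range(8, 16)


def flag_off_hours_spikes(samples, ratio=1.5, floor=50.0):
    """Flag hosts whose off-hours CPU load dwarfs their own daytime baseline.
    samples: iterable of (hostname, hour_of_day, cpu_percent) over 24 hours.
    A reading is flagged when it is outside BUSINESS_HOURS, at least `ratio`
    times the host's business-hours median, and not below `floor` (so a host
    that idles all day does not trip on noise). Returns {host: [(hour, cpu)]}.
    """
    by_host = {}
    for host, hour, cpu in samples:
        by_host.setdefault(host, []).append((hour, cpu))
    flagged = {}
    for host, readings in by_host.items():
        daytime = [cpu for hour, cpu in readings if hour in BUSINESS_HOURS]
        baseline = median(daytime) if daytime else 0.0
        threshold = max(baseline * ratio, floor)
        hits = [(hour, cpu) for hour, cpu in readings
                if hour not in BUSINESS_HOURS and cpu >= threshold]
        if hits:
            flagged[host] = sorted(hits)
    return flagged


def constructed_samples():
    """Constructed 24-hour CPU readings for two hypothetical workstations."""
    samples = []
    for hour in range(24):
        daytime = hour in BUSINESS_HOURS
        # ws-finance-01: ordinary user, busy by day and idle at night.
        samples.append(("ws-finance-01", hour, 42.0 if daytime else 6.0))
        # ws-hr-07: same daytime profile, but pegged from 10 p.m. to 5 a.m.
        if daytime:
            cpu = 40.0
        elif hour >= 22 or hour <= 5:
            cpu = 97.0
        else:
            cpu = 7.0
        samples.append(("ws-hr-07", hour, cpu))
    return samples


if __name__ == "__main__":
    for host, hits in flag_off_hours_spikes(constructed_samples()).items():
        print(host, "off-hours CPU spikes at",
              ", ".join(f"{h:02d}:00 ({c:.0f}%)" for h, c in hits))
```

Feeding the function real per-host readings from your monitoring system turns the article’s “track activity over 24 hours” advice into a nightly report of machines working hard while nobody is at the keyboard.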
How to protect your organization
Unfortunately, simple antivirus software can’t detect cryptojacking code on your system, since the code isn’t an executable file. Here are some other ways to protect your processing power from hackers:
- Filter infected websites. Add web filtering tools so you can block any sites that are running cryptojacking scripts. Make sure you keep these filters updated – many more sites are likely to become infected.
- Expand security awareness. Start incorporating cryptojacking knowledge into your security awareness training. Emphasize to users the risk of phishing emails and suspect sites and what the tell-tale signs are.
While cryptojacking is less disruptive than ransomware, it can still be time-consuming and expensive if your IT help desk has to respond to a flood of complaints about slow or overworked computers. Hardware that burns out prematurely and has to be replaced is another risk.
But by recognizing the signs of cryptojacking and taking steps to avoid it, you can help keep the coin out of hackers’ pockets.