Cryptojacking: Definition

Cryptojacking is the unauthorized use of a third party’s computer to mine cryptocurrency. Cyber attackers are using ransomware-like tactics to mine cryptocurrencies via your computers. Such attacks can arrive in several forms, such as a malicious link in an email, a malicious website or an online ad carrying JavaScript code. Through these means, the cryptomining code starts working in the background, where it slows down system performance or causes lags in execution.

How Cryptojacking Works

Hackers secretly mine cryptocurrencies from your computer in two ways:

1. Through Phishing-Like Tactics

Cyber attackers can trick you into loading cryptomining code onto your system using phishing-like tricks. You may receive an authentic-looking email encouraging you to access an external link. As soon as you click the link, it runs code that places the cryptomining script on your computer, which then works in the background.

2. Corrupt Websites or Ads

Hackers can inject a script into a website or an ad. The script automatically executes once you visit the website or the ad. In this cryptojacking approach, the code does not reside on victims’ computers.

The cryptomining code runs complex mathematical algorithms on the victim’s computer and sends the results back to the hacker. In most cases, hackers use both methods because doing so maximizes their return. Some cryptomining scripts even help hackers infect other devices and servers on a network.

Cryptojacking: Past and Present

There is no evidence concerning the extent of cryptocurrency mining through cryptojacking, but there is no question it exists. Here are some key facts:

● The volume of cryptojacking attacks fell 78% in the second half of 2019 because of the closure of Coinhive, which used to be a legal mining service that provided scripts and servers for in-browser mining activities.

● The decrease in cryptojacking started in 2019, with cryptomining accounting for only 7% of all attacks, down from the earlier 23% in early 2018.

Cryptomining is still in its infancy, but it can have severe outcomes. For instance, the Smominru cryptomining botnet in January 2018 infected more than a half-million machines. Most of these machines were in India, Russia, and Taiwan. It targeted Windows servers to mine Monero, generating around $3.6 million by the end of January.

The Palo Alto Networks incident provided another example of cryptojacking when attackers tried to cryptojack Docker images and mine for Monero. In June 2020, Palo Alto Networks found a cryptojacking scheme, delivering crypto mining software to victims’ systems using Docker images on the Docker Hub network. The hackers conducted their attack in this way because it is not easy to detect the cause if they place the cryptomining code within a Docker image. Hackers accessed the infected images more than two million times, earning $36,000 in ill-gotten gains.

While there isn’t as much cryptojacking occurring in the present day, it is still popular because the attack technique does not require any significant technical skills — you can easily buy cryptojacking kits on the dark web for just $30. It is an easy way for hackers to make money.

How to Prevent Cryptojacking

Here are some of the best ways to minimize the risk of your organization falling prey to cryptojacking:

● Training Your Employees

When technical solutions fail, training will save the day. You can include cryptojacking threats as a part of your security awareness training, discussing all the possible phishing-type attempts that load scripts onto users’ computers.

● Having Anti-Cryptomining Extensions

Because most cryptojacking scripts enter your systems through web ads, it is wise to install an ad blocker. It can help you detect and block ads, which also blocks the cryptomining scripts they carry.

● Using Endpoint Protection

Antivirus is one of the most trusted tools to have on endpoints to protect yourself against cryptomining. Be sure to update your antivirus regularly because cryptominer authors constantly change their techniques to avoid detection at the endpoint.

Conclusion

Like ransomware, cryptojacking can affect your organization despite having an alert security team. Detecting this hacking event is quite difficult, especially if only a few systems are compromised. Cryptomining code can hide from signature-based detection tools; for example, desktop antivirus tools won’t flag this type of code, making detection even more difficult.

We suggest training your help desk to look for signs of cryptomining, deploying a network monitoring solution, monitoring your websites for cryptomining code and staying abreast of cryptojacking trends. Packetlabs’ ethical hackers are here to help you achieve these goals. Get in touch with us to learn how we can help you deal with cryptojacking.
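One way to approach monitoring your own websites for cryptomining code is to audit the script tags on each page against what the site is expected to load. The following is an added example, not code from Packetlabs; the allowlisted hosts, the keyword list and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts this site is expected to load scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdn.example.com"}
# Assumption: illustrative keywords; "coinhive" is the service named in the article.
MINER_KEYWORDS = ("coinhive", "cryptonight")
# Constructed sample page: two expected scripts and two injected ones.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://static.injected.example.net/coinhive.min.js"></script>
<script>/* constructed stand-in for an injected CoinHive loader */</script>
</head><body>hello</body></html>"""

class ScriptAudit(HTMLParser):
    """Collects (reason, detail) findings for every <script> on a page."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = None  # list of text chunks while inside a <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._inline = []
        src = dict(attrs).get("src")
        if src:
            # Relative URLs have no hostname and are treated as same-site.
            host = urlparse(src).hostname
            if host and host not in ALLOWED_SCRIPT_HOSTS:
                self.findings.append(("unexpected-host", src))
            self._scan(src)

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self._scan("".join(self._inline))
            self._inline = None

    def _scan(self, text):
        lowered = text.lower()
        self.findings += [("miner-keyword", kw) for kw in MINER_KEYWORDS if kw in lowered]

def audit_html(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

The host allowlist is the stronger of the two checks, since keyword matching misses renamed or obfuscated scripts; run `audit_html` against the HTML your site actually serves and alert on any finding.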