How Cryptojacking Works
Hackers secretly mine cryptocurrencies from your computer in two ways:
1. Through Phishing-Like Tactics
Cyber Attackers can trick you into loading crypto mining codes onto your system using phishing-like tricks. You may receive an authentic-looking email encouraging you to access an external link. As soon as you click the link, the link runs a code that places the crypto mining script on your computer, which then works in the background.
2. Corrupt Websites or Ads
Hackers can inject a script on a website or an ad. The script automatically executes once you visit the website or the ad. In this cryptojacking approach, the code does not reside on victims’ computers.
The cryptomining code runs complex mathematical algorithms on the victim’s computer and sends the results back to the hacker. In most cases, hackers use both methods because it maximizes their return. Some crypto mining scripts even help hackers infect other devices and servers on a network.
Cryptojacking: Past and Present
There is no evidence concerning the extent of cryptocurrency mining through cryptojacking, but there is no question it exists. Here are some key facts:
The volume of cryptojacking attacks fell 78% in the second half of 2019 because of Coinhive closure, which used to be a legal mining service that provided scripts and servers for in-browser mining activities.
Cryptomining is still in its infancy, but it can have severe outcomes. For instance, the Smominru cryptomining botnet in January 2018 infected more than a half-million machines. Most of these machines were in India, Russia, and Taiwan. It targeted Windows servers to mine Monero, generating around $3.6 million by the end of January.
The Palo Alto Networks incident provided another example of cryptojacking when attackers tried to cryptojack Docker images and mine for Monero. In June 2020, Palo Alto Networks found a cryptojacking scheme, delivering crypto mining software to victims’ systems using Docker images on the Docker Hub network. The hackers conducted their attack in this way because it is not easy to detect the cause if they place the cryptomining code within a Docker image. Hackers accessed the infected images more than two million times, earning $36,000 in ill-gotten gains.
While there isn’t as much cryptojacking occurring in the present day, it is still popular because the attack technique does not require any significant technical skills — you can easily buy cryptojacking kits on the dark web for just $30. It is an easy way for hackers to make money.
How to Prevent Cryptojacking
Here are some of the best ways to minimize the risk of your organization falling prey to cryptojacking:
Training Your Employees
When technical solutions fail, training will save the day. You can include cryptojacking threats as a part of your security awareness training, discussing all the possible phishing-type attempts that load scripts onto users’ computers.
Having Anti-Cryptomining Extensions
Because most cryptojacking scripts enter your systems through web ads, it is wise to install an ad blocker. It can help you detect and block ads which will also block cryptomining scripts.
Using Endpoint Protection
Antivirus is one of the most trusted tools to have on endpoints to protect yourself against crypto mining. Be sure to update your anti-virus regularly because the cryptominer authors constantly change their techniques to avoid detection at the endpoint.
Like ransomware, cryptojacking can affect your organization despite having an alert security team. Detecting this hacking event is quite difficult, especially if only a few systems are compromised. Cryptomining code can hide from signature-based detection tools; for example, desktop antivirus tools won’t flag this type of code, making detection even more difficult.
We suggest training your help desk to look for signs of crypto mining, deploy a network monitoring solution, monitor your websites for cryptomining code and stay abreast of cryptojacking trends. Packetlabs’ ethical hackers are here to help you achieve these goals. Get in touch with us to know how we can help you deal with cryptojacking.
10 January - Blog
Your Guide to Objective-Based Penetration Testing
14 December - Blog
2022 in Review and Our Predictions for 2023: Cyber-Threat Landscape
05 December - Blog
Choosing a Penetration Testing Company: Methodology & Certifications