Cryptojacking - A New but Common Threat That Businesses and Individuals Face

Blog / Cryptojacking - A New but Common Threat That Businesses and Individuals Face

Cryptojacking - A New but Common Threat That Businesses and Individuals Face

What is Cryptojacking? 

Cryptojacking is when cyber criminals gain unauthorised access to ‘mine’ for cryptocurrency. It is an emerging threat that aims to stay hidden as it gathers the target machine’s resources to ‘mine’ for online forms of money, also known as cryptocurrency. Any type of device can be affected, including desktop computers, laptops, smart phones and network servers. 

This form of invasion is designed to remain hidden and the primary driving force behind it is money.  

What are cryptocurrencies? 

Cryptocurrency is digital money used, of course in the digital sphere, which takes the form of tokens or coins. The most commonly known example of a cryptocurrency is the Bitcoin. Some cryptocurrencies have diverged into the physical world however most remain exclusive to digital operation.  

Cryptocurrencies are operated by the use of a distributed data base, also known as ‘blockchain’. The blockchain is frequently updated with information about transactions that took place prior to the last update. Each assortment of recent transactions is combined into a ‘block’.  

To generate new ‘blocks’, cryptocurrencies require individuals to provide computing power. Those who provide computing power (referred to as ‘miners’) are usually rewarded with cryptocurrency. Larger cryptocurrencies are run using a team of miners operating the necessary computer rigs required to complete the mathematical calculations needed to generate the needed blocks. As an example, the Bitcoin organisation requires more that 73TWh of energy per year. 

How do people use crypto currencies? 

Users keep their money in virtual wallets which are protected with privately encrypted keys. During a transaction between the two or more individuals associated, a record of this exchange will be entered into the decentralized public digital ledger. Designated computers collect data from the latest Bitcoin or other cryptocurrency transactions which then turns them into a mathematical puzzle. At this stage, the transaction within the puzzle needs to be confirmed before being deemed successful.  

The transaction can only be confirmed when the miners solve the complex mathematical puzzle to prove the legitimacy of the transaction. Once the transaction is authenticated, the money will be transferred to the receiver’s digital wallet. 

How is cryptojacking executed? 

Cyber criminals will install a cryptojacking software on to the device that they are successful in hacking. The software will then run in the background, acting as a ‘mine’ for cryptocurrencies. The software may also be used by cybercriminals to steal cryptocurrency from other people’s digital wallets.    

Hackers involved with cryptocurrency typically utilise the two following methods to turn their victim’s desktop/laptop into a secret mine for cryptocurrencies: 

  • By tricking their target into clicking on a malicious link (usually sent to the victim’s email) that will load a cryptomining code on the affected device  
  • By infecting a website or an online ad as with a JavaScript coded with the malware which will automatically execute the code. 

Cryptojacking is a problem for businesses as: 

  • It can be expensive and time consuming to deal with.  
  • The IT staff will need time to determine the source of performance issues and replace affected systems or components to solve the problem. 
  •  Along with further costs for the replaces components, electricity costs will increase due to stolen computer power. 

Some cryptomining scripts are programs as worming malware which enables them to infect other devices and servers associated with the same network. This increases the time and cost needed to remove them, as well as increased IT labour cost.  

Detecting cryptojacking 

There are three main things that one needs to look out for: 

  1. Slower systems – Check to see if your device(s) are running slower than usual, continuously crashing unexplainably, increased frequency and rate of battery drainage and in general for unusually poor performance. Your device will be harder to successfully troubleshoot due to the slower performance rate of your device. 
  2. Overheating of your device(s) – This is a key indicator. If the fan of the laptop or computer is running faster than usual and with louder volume, this can be a sign that a cryptjacking script is being ran on your device. The device’s performance may be stretched to its limit, to the point where the fan is running at the speed required to prevent melting or fire.  
  3. Increased CPU usage – If you notice increased CPU usage despite being on a website with little to no media content, this could be a sign that a cryptojacking script is being executed on your device. An effective cryptojacking test is to examine the CPU usage on your device using Task Manager or Activity Monitor. Remember: These processes may be hidden or acting as a legitimate request designed to hinder you from stopping the processing of the code.  

Protecting yourself and your business from cryptojacking: 

  • Have a good cybersecurity program in place – Using a regularly updated antivirus software can enable you to detect threats to your system and remove them.  
  • Regular patching and updating – Especially with web browsers. This will detect and patch vulnerabilities found.  
  • Keep up to date with the recent cryptojacking trends – Cyber criminals endeavour to create new methods to deliver their malware to their victim’s system as well as update their codes. Keeping up to date with recent trends in cybersecurity threats will improve your detection skills. 
  • Use browser extensions that provide protection against cryptojacking – Utilising browser extensions designed to block cryptojackers will provide further protection against your system being cryptojacked. Examples of these extensions can be minerBlock, No Coin and Anti Miner which can be installed as extensions to browsers.  
  • Use ad blockers – Installing an ad blocker will prevent a cryptojacking script from being dropped into your system under the guise of advertisement. This will also prevent you and other users from being duped into clicking the advert and inadvertently infecting your system. Ad Blocker Plus can detect and block cryptojacking scripts.  
  • Disable JavaScript – This can prevent your system from being infected with a cryptojacking code however, this method may block you from using other functions. 
  • Blacklist sites infamous for cryptojacking and be careful of the sites you visit in general.  

How can Securiwiser help?  

Securiwiser can conduct regular scans for your system and provide the exact details of any found underlying threats. We can further explain these threats to our clients and provide the best course of action that will save your business time and money.  

Our aim is to also ensure that our clients are confident in their knowledge about various cyber threats that their businesses may face, increasing trends and frequencies of certain threats and protection and prevention methods that are cost effective and time saving.

How secure is

your school?

Security test

How secure is

your school?

Security test