What is cryptojacking?

Cryptojacking is a form of cybercrime in which hackers secretly use someone else’s computer, smartphone, or network resources to mine cryptocurrency. Without the victim’s knowledge, cybercriminals exploit system resources to run mining scripts that generate cryptocurrency, draining the device’s power and performance in the process. Unlike ransomware or other attacks, cryptojacking often goes unnoticed, making it a silent but damaging threat to both individuals and organizations.

A cryptojacking attack can be pretty straightforward, since there is no need to escalate privileges or move laterally to get to the host with the secret they need. Back in 2022 (!), our end-of-year report indicated that 35% of the web application compromise incidents we saw in 2021 resulted in the deployment of various cryptocurrency coin miners. It’s a sweet gig for the bad guys, too: after the miner is deployed, they can sit back, relax, and watch the money pile up.

Cryptojacking … the who and why

Cybercriminals are always looking for new ways to make money. We often hear about holding data or systems for ransom. But what about cryptojacking? It’s when a threat actor steals your organization’s computing resources and power and uses them to mine on various cryptocurrency blockchains. The bad news: it can slow your network way down, and even shut down critical processes.

How cryptojacking works

How do they get in? Public application exploitation. Access key compromise. Phishing emails. USB devices. Cryptojacking typically involves two main methods of attack, but the list grows every year.

  1. Malicious websites or ads: Cybercriminals inject cryptomining scripts into websites or online ads. When users visit these compromised sites or interact with infected ads, the script automatically runs in the background, using the visitor’s processing power to mine cryptocurrency.
  2. Malware infection: Hackers can also infect devices with malware specifically designed to mine cryptocurrency. This malware often spreads through phishing emails, malicious downloads, or unsecured networks.

In recent years, threat actors have launched numerous campaigns to breach poorly secured Kubernetes clusters and hijack their underlying cloud resources for cryptomining. Such attacks are designed for persistence. They can significantly degrade performance, increase energy consumption and cost, strain hardware resources, and provide a gateway for future attacks.

In all cases, the mining activity happens without the user’s permission. This often makes the device work incorrectly as it uses more energy, and shortens its lifespan.

Signs of a cryptojacking attack

Since cryptojacking doesn’t typically involve overt disruption like ransomware, it can be difficult to detect.

However, there are several red flags to watch for:

  • Slower performance: devices or networks may become noticeably sluggish, with increased lag times or crashes.
  • Overheating: the use of CPU or GPU resources can cause devices to overheat, leading to hardware malfunctions or failure.
  • Increased energy use: mining cryptocurrency demands significant processing power, which can result in higher-than-usual electricity bills.
  • Unexplained CPU usage: a sudden spike in CPU or GPU usage, especially when no resource-heavy applications are running, can indicate cryptojacking.

Cryptojacking’s impact on organizations

For businesses, cryptojacking attacks can have serious consequences beyond just performance issues. Widespread cryptojacking can:

  • Increase operational costs: the drain on energy and resources from these types of attacks can result in higher costs.
  • Reduce productivity: slowed networks and devices hinder productivity, affecting daily operations.
  • Shorten hardware lifespan: the excessive load on systems can lead to premature hardware failures, resulting in costly repairs or replacements.
  • Increase security risks: cryptojacking infections may open the door to other vulnerabilities or indicate a broader breach of system security.

Cryptojacking protection

Fortunately, attacker entry points for cryptojacking overlap with those for other threat types like ransomware, so focused efforts to reduce your cryptojacking attack surface can help protect against multiple problems.

Cryptojacking prevention strategies

Cryptojacking prevention requires a multi-layered security approach, focusing on both personal devices and organizational networks. Here are some key steps:

  • Install anti-malware software: use reputable anti-malware solutions to detect and block cryptomining scripts and malware.
  • Update software regularly: keep operating systems, browsers, and software up-to-date to patch vulnerabilities that hackers may exploit.
  • Use browser extensions: extensions like NoCoin and MinerBlock can block cryptojacking scripts from running on websites.
  • Monitor system performance: regularly monitor CPU and GPU usage to detect unusual spikes that may indicate mining activity.
  • Educate employees: if you’re an organization, ensure employees are aware of phishing schemes and how to avoid suspicious links or downloads.
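
The "unexplained CPU usage" sign and the "monitor system performance" step above can be turned into a simple detection rule. The following is an added example, not part of the original article: it flags processes that stay pinned at high CPU for many consecutive samples while ignoring short bursts and workloads already known to be resource-heavy. The telemetry, host and process names, threshold and allowlist are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

# Constructed telemetry, not real data: (minute, host, process, cpu_percent).
SAMPLES = (
    [(m, "web-01", "nginx", 12 + m % 3) for m in range(20)]
    # Legitimate short burst: a two-minute backup job.
    + [(m, "web-01", "backup", 85 if m in (5, 6) else 2) for m in range(20)]
    # Miner-like pattern: idle, then pinned near 100% and never released.
    + [(m, "web-01", "updater-x", 3 if m < 8 else 96) for m in range(20)]
    # Known resource-heavy workload on a build host.
    + [(m, "build-01", "gcc", 90) for m in range(20)]
)

# Assumption: (host, process) pairs the operator expects to be CPU-heavy.
EXPECTED_HEAVY = {("build-01", "gcc")}


def find_sustained_cpu(samples, threshold=80.0, min_run=10, expected=EXPECTED_HEAVY):
    """Flag processes at or above `threshold` percent CPU for at least
    `min_run` consecutive samples, skipping expected heavy workloads."""
    series = defaultdict(list)
    for minute, host, proc, cpu in sorted(samples):
        series[(host, proc)].append((minute, cpu))

    alerts = []
    for (host, proc), points in series.items():
        if (host, proc) in expected:
            continue
        best_start, best_len, run_start, run_len = None, 0, None, 0
        for i, (_, cpu) in enumerate(points):
            if cpu >= threshold:
                run_start = i if run_len == 0 else run_start
                run_len += 1
                if run_len > best_len:
                    best_start, best_len = run_start, run_len
            else:
                run_len = 0  # streak broken, start counting again
        if best_len >= min_run:
            before = [cpu for _, cpu in points[:best_start]]
            alerts.append({
                "host": host, "process": proc,
                "start_minute": points[best_start][0], "samples": best_len,
                "baseline_cpu": mean(before) if before else None,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_sustained_cpu(SAMPLES):
        print(alert)
```

Requiring a long consecutive run is what separates a miner from the backup job here; lowering `min_run` trades fewer missed detections for more alerts on legitimate bursts.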

Conclusion

What is cryptojacking? It’s a hidden but costly threat that affects both individuals and organizations. By understanding how cryptojacking works and implementing strong security measures, you can protect your devices and networks from unauthorized cryptomining activity. Stay vigilant and regularly monitor your system’s performance to catch potential signs of cryptojacking before it causes significant damage.