Cyber Security Degrees

Are You One of the Millions Secretly Victimized by Cryptojacking

Blockchain… Bitcoin… Cryptocurrency… And Now Cryptojacking!

I understand what you are thinking… These technologies are not for me, so why should I?

The market cap of cryptocurrencies has surpassed $264 billion as of March 2018. This is the new bull’s-eye for cybercriminals.

The bottom line is that hackers can infiltrate websites and other web pages.

Cryptocurrency, Mining and Cryptojacking 101

Nearly everyone has heard about the rise in cryptocurrency values like Bitcoin, Ethereum, and Monero. What is the significance of mining cryptocurrency and how does it affect me?

The central bank authorizes the issuance of new notes with regular money. It is susceptible to corruption like all man-made systems.

You can now enter the world of cryptocurrency or digital money. It is completely anonymous and secure.

Users can make secure payments using cryptocurrencies without the need to go through banks.

Transactions are generated through a process called mining or crypto mining. They are then verified and added to digital ledgers (blockchains) to prevent fraud, deception, and corruption.

These blockchains are difficult to verify and require significant CPU power. This is enough for an entire warehouse of computers from floor to ceiling, as well as the enormous electric bill.

Cryptominers receive fees from the merchants for each transaction as payment for their enormous costs.

It sounds pretty fair, right?! Payment for services rendered.

It sounds fair to cybercriminals, too.

You are here to get cryptojacked.

Cybercriminals are targeting computers, servers, and networks in an attempt to mine cryptocurrency using your resources like electricity, websites, and computers.

You pay for the resources, and the resource owners reap the financial rewards, up to millions of dollars.

An unknown hacker attacked Verge’s cryptocurrency platform on April 4, 2018. Although the attack only lasted three hours, it was unofficially reported that the attacker stole $1,373,544. The firm has since updated the system with a patch that will prevent any further exploits.

How a Cryptojacker Infiltrates

Cryptojackers can infiltrate victim’s computers to stealthily mine cryptocurrency.

Cryptojacking is easy to do and requires no download. It starts instantly, so it’s almost invisible.

Its undetectable nature makes it the stealth bomber of cyber threats.

In both cases, the malicious code runs stealthily on victims’ computers, stealing CPU resources and secretly mining cryptocurrency for the hacker.

Website owners and their visitors are in danger

Cryptojacking can be dangerously effective. With Bitcoin’s recent popularity, cybercriminals are shifting their attention away from ransomware to cryptocurrency mining.

According to The U.K.’s National Cyber Security Centre (UK), cryptojacking is a “significant” concern.

According to the report, 55% of all businesses were affected by crypto mining attacks in December 2017.

The agency stated that although we assume most cryptojacking is done by cybercriminals, website owners have used visitors’ CPUs without their consent to mine cryptocurrency for their financial gain.

Cryptojacking has a huge impact

Comodo Cybersecurity Threat Research Lab’s most recent quarterly report stated that “During Q1 2018, Comodo Cybersecurity detected 28.1 million incidents involving crypto miners.” Noting also that “cryptocurrencies are a favorite target for cybercriminals”.

The report also highlighted that the number of crypto-miner variants increased from 93.750 in January to 127,000 in March (Fig. 1. Ransomware activity declined 42% between January and March when it was 124,320 and 71,540.

Although no one knows how much cryptocurrency can be mined by cryptojacking, it doesn’t require any technical skills. Digital Shadows’ report, “The New Gold Rush Cryptocurrencies Are the New Frontier of Fraud”, states that cryptojacking tools can be purchased on the dark web for as low as $30.

Is there a cure for cryptojacking?

Cryptojacking is clearly a concern for 2018. The only way users may detect their devices being cryptojacked is through a slowdown of performance.

This happens to almost everyone at some point in our lives. It will make us wonder if we have been cryptojacked. What is the answer?

These attacks are constantly evolving and still in their infancy. Real-time monitoring of your site is one of the best solutions.

But who has the time and knowledge?

A few organizations have the network and monitoring tools, but not enough to be able to analyze the information and make accurate detection.

One such service is cWatch Web and it’s backed by human intelligence and a team of cybersecurity analysts. Don’t be cryptojacked. Continuous monitoring and protection will help you and your website stay safe.

Cryptojacking can be stopped by your existing endpoint security tools. Crypto mining code can hide from signature-based detection tools and desktop antivirus tools won’t see them.

You don’t have a helpdesk or can’t train it to spot the signs, so deploying a monitoring system might be your best option to detect crypto mining activity.