Computers and the internet are wonderful inventions that have made lives better, but it shouldn’t come as a surprise that a few take advantage of these techs for their benefit. Not veering away from the common virus, spyware, and malware is the new threat of “cryptojacking.”
Audiences who streamed the TV show Billions on the Showtime network’s website in Fall 2017 may be familiar with cryptojacking. It was reported that a rogue script on the site directed some of the audience’s PCs to engage in cryptocurrency mining.
A more serious threat came in February 2018 when attackers compromised the web plugin Browsealoud and allowed them to steal mining power from users in different mainstream websites, including those of US federal courts system and the UK National Health Service.
Around the same time, infrastructure security firm Radiflow announced the discovery of a crypto mining malware in the operational technology network of a water utility in Europe. This makes the case the first known use of mining malware against an industrial control system.
For the uninitiated, cryptojacking involves installing scripts on other people’s connected devices that effectively “steal” their computing power for cryptomining purposes.
As you may have known, cryptocurrencies like Bitcoin can only be “mined” by solving complex mathematical puzzles, which require a lot of computing power. Your device may not be super-fast, but its processing power can still be stolen and added to a hacker’s machine, which allows them to mine more cryptocurrencies for themselves.
The rise of cryptojacking can be attributed to the birth of the first in-browser miner, Coinhive. The brand’s goal was to use untapped resources to create a second revenue stream for games or media sites, thereby reducing the need for ads. The premise is that web publishers can use the visitors’ computers to mine in exchange for free content.
While Coinhive had a good reputation initially, the copycats it resulted to did not. Coinhive’s image eventually also took a plunge upon the report of cryptojacking, so much so that the company has reportedly closed down.
Victims of the threat were not even aware that their devices have already been attacked. The malware is difficult to detect, only that a malicious app is running silently in the background. Before you know it, your machine is slowing down because the malware is increasing its power consumption.
How Does Cryptojacking Work?
There are two known ways as to how cryptojacking starts:
As a malware that infects your entire system
For the malware to start, hackers must first get the victim to click on a malicious link so that the cryptomining code loads onto the device, which is similar to phishing. The script will then run in the background while the victim continues to work.
Even though neither methods damage a computers’ data, it’s still an annoyance for users and organizations when their computers perform poorly. Cryptojacking involves “stealing” a computer’s resources, which can:
- Slow down other processes
- Increase your electricity bills
- Shorten the lifespan of your device.
For companies, compromised machines can incur real costs, with IT having to track down performance issues and replace components or systems to solve the problem.
Should You Care About Cryptojacking?
The simple answer: yes. To put into perspective, the statistics on cryptojacking prove that it’s a legitimate cause of concern. In a recent report from the Cyber Threat Alliance, there has been a whopping 459% increase in the rate of cryptojacking cases in 2018.
McAfee Labs reported in September 2018 that new cryptomining malware samples increased to 2.9 million in Q1 of 2018, from a measly 400,000 in the Q4 of 2017. For browser-based cryptojacking, Adguard found that there was a 31% growth rate. The research also found 33,000 websites running cryptomining scripts; these sites have a combined visitor count of a billion monthly.
In addition, according to mobile security firm Wandera, the number of mobile devices that had at least one cryptojacking script case increased by 287%. Microsoft recently reported that cryptojacking incidents in the Asia-Pacific raised by 17%, with India, Indonesia, and Sri Lanka highly affected by the attack. Other affected countries include Australia, China, Japan, Philippines, and many others.
Considering that cryptojacking is still in its infancy, you can, unfortunately, expect things to get worse. Whether you’re actively investing in cryptocurrencies or not, it’s best to start learning your options about how you can combat this threat right now.
How Can You Protect Yourself from Cryptojacking?
Here are a couple of ways to avoid falling victim to this threat:
The caveat is that other sites may not properly function as it can also block you from using features that you like and need. In that case, you can use extensions that specifically block cryptocurrency miners, such as minerBlock and No Coin that are available for Google Chrome, Firefox, and Opera. You can also protect yourself from ad malware by adding dubious sites to your ad blocking tool.
Install a full-suite security solution to protect your system
You’re lucky to have a working computer still if you’ve been using it without full-suite protection. Pick and install one that will not only secure you from mining malware, but also against virus, ransomware, and other threats, too. Don’t forget to update regularly.
Don’t Let Cryptojackers Steal From You
The blockchain revolution has made cryptomining legal, but in a landscape that’s constantly evolving, you shouldn’t always expect a change for the better.
Cryptojacking is a cause for concern, but simply staying on the defense will protect you from it. That involves being smart so that you won’t be taken advantage of—avoid random links and update your security software frequently.
Contact us today to find out how we’re changing the crypto world, one step at a time!