Hackers could be using your IT systems for profit, and you would never know.
Has your business fallen victim to cryptojacking? This relatively new form of cyber crime is often subtle and hard to detect, and it can affect just about any device with an internet connection. So what is cryptojacking, and what does it mean for businesses?
Put simply, cryptojacking is the act of hijacking computer processing power to mine cryptocurrency. The best-known cryptocurrency is Bitcoin, but there are many more, and hackers are eager to get their hands on them.
The problem for them is that mining cryptocurrency can be a time-consuming and expensive activity. The more people try to solve the cryptographic puzzles at the heart of crypto coin mining, the harder those puzzles get. This is built right into the currencies' design, to ensure a consistent rate of new coins.
To solve these problems, large amounts of processing power are needed, and that increases with the difficulty. As well as the cost of the computer hardware, this means miners face large energy bills, because the more computers are made to do, the more electricity they use.
Rather than go to all this effort, though, criminals have found a few alternative ways of gaining cryptocurrency:
- Stealing it: On more than one occasion, hackers have broken into coin exchanges, where users trade cryptocurrency, and simply walked off with millions of pounds’ worth of crypto.
- Ransomware: Want more crypto? Just encrypt someone’s data until they buy you some. Because of the difficulty in tracing cryptocurrency, ransomware peddlers favour it as a form of payment.
- Cryptojacking: Take advantage of other people’s computers to get them to mine more crypto for you.
Although recent figures suggest cryptojacking cases fell last year, with hackers gravitating back towards ransomware, it’s still a significant problem. And criminals tend to migrate from one type of attack to another over time, so we wouldn’t be surprised if it experiences a resurgence in years to come.
One of the key attractions of cryptojacking is that it requires little effort, and it can be left to run, constantly generating money. Criminals can purchase the necessary software cheaply, and because it runs in the background of the victims' devices, they may never notice anything wrong. Even when they do, they will likely not bother pursuing it, because no apparent damage has been done.
Desktop PCs, laptops and servers are prime targets, because they have the most processing power, but cryptojacking doesn’t stop there. Mobile phones and tablets are targets as well. Even Internet of Things devices, including media players like the Amazon Fire TV, are vulnerable.
The impact of such attacks varies, but typically users will experience slowdowns, as their devices struggle to deal with the extra workload. As the system churns through all of this, the additional demand on electrical components will result in higher operating temperatures, which translates, long-term, to higher energy bills and a shorter lifespan for those components. This can all lead to increased IT support costs and wasted time while problems are diagnosed.
But it’s not always so simple to detect cryptojacking. It’s in hackers’ best interests to go undetected, so some cryptojacking software will do its best to remain hidden. Some variants, for example, stop mining as soon as the user moves their mouse (i.e. when they’re actually using their computer).
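The idle-only behaviour described above leaves a pattern of its own: load that is high while nobody is at the keyboard and drops the moment someone is. The sketch below is an added example, not part of the original article; the telemetry fields, host names and thresholds are assumptions, and the samples are constructed.

```python
from statistics import mean

# Constructed telemetry: (host, cpu_percent, seconds_since_last_user_input).
# Field layout, host names and thresholds are assumptions for this example.
SAMPLES = [
    ("ws-01", 96, 900), ("ws-01", 95, 1200), ("ws-01", 12, 2),
    ("ws-01", 97, 600), ("ws-01", 9, 1), ("ws-01", 94, 1500),
    ("ws-02", 8, 900), ("ws-02", 45, 3), ("ws-02", 5, 1200),
    ("ws-02", 60, 2), ("ws-02", 7, 700), ("ws-02", 6, 1800),
    ("build-01", 98, 900), ("build-01", 97, 5),
    ("build-01", 99, 1200), ("build-01", 96, 2),
]

IDLE_AFTER_S = 300   # no input for this long counts as "user away"
HIGH_CPU = 80        # average idle load that is worth a look
MIN_GAP = 40         # idle load must exceed active load by this much


def idle_mining_suspects(samples, idle_after_s=IDLE_AFTER_S,
                         high_cpu=HIGH_CPU, min_gap=MIN_GAP):
    """Return {host: (idle_avg, active_avg)} for hosts that are busy
    only while the user is away, the inverse of normal desktop use."""
    by_host = {}
    for host, cpu, idle_s in samples:
        state = "idle" if idle_s >= idle_after_s else "active"
        by_host.setdefault(host, {"idle": [], "active": []})[state].append(cpu)

    suspects = {}
    for host, load in by_host.items():
        if not load["idle"] or not load["active"]:
            continue  # both states are needed to compare
        idle_avg, active_avg = mean(load["idle"]), mean(load["active"])
        if idle_avg >= high_cpu and idle_avg - active_avg >= min_gap:
            suspects[host] = (round(idle_avg, 1), round(active_avg, 1))
    return suspects


if __name__ == "__main__":
    for host, (idle_avg, active_avg) in idle_mining_suspects(SAMPLES).items():
        print(f"{host}: {idle_avg}% CPU when idle, {active_avg}% when in use")
```

A host that is busy all the time, like `build-01` here, is deliberately not flagged by this check, so sustained load still needs its own review.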
So how do you defend against an attack you may not even realise is happening?
First, you need to understand how cryptojacking software got onto your devices in the first place. That won’t necessarily help you with any existing infections, but it will help to prevent further ones.
The primary avenues of infection are:
- Email attachments: Often posing as parties known to the victims, hackers will send files containing malicious code, which will install cryptojacking software.
- Web pages: A large proportion of cryptojacking happens via web browsers. Users may be directed to the pages or may find their own way there, but either way, code will run in the background, secretly mining cryptocurrency.
- Rogue web ads: Hackers can run code via malicious adverts, which in some cases have been found even on legitimate sites.
- Rogue apps: Pirated applications are often used to spread malware, but even apps in legitimate marketplaces, such as Google Play, can be a threat.
Of course, these attack vectors are not unique to cryptojacking. Viruses, worms, ransomware and so on are all delivered in the same ways. In any case, businesses should always be aware of what content is allowed on their networks, and they should ensure employees have appropriate cyber security training. It is also advisable to use a device management solution to control what apps can be installed on devices and what permissions they have.
But probably the most effective way to detect and protect against cryptojacking is network monitoring. Such solutions enable observation of your network as a whole, so it is possible to identify suspicious spikes in network traffic and discover which devices are affected. TMB’s own Network Management Service, for example, enables us to instantly produce an informative, accurate map of our customers’ networks, and problematic network traffic can be automatically flagged. From there, we can investigate further to determine the cause of the issue.
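As an added illustration of flagging a traffic spike and tying it to a device (not part of the original article and not TMB's service), the sketch below compares each device's latest hour with its own recent baseline. The summary format, device names and threshold are assumptions, and the data is constructed.

```python
from statistics import median

# Constructed per-device summary: name, then outbound MB for six
# consecutive hours (latest last). The format is an assumption.
FLOW_SUMMARY = """\
pc-14   120 118 125 130 122 940
pc-15   300 310 295 305 290 315
tv-03   15 14 16 15 15 16
srv-01  2000 2100 1950 2050 2000 2150
"""


def parse_summary(text):
    """Parse 'device v1 v2 ...' lines into {device: [floats]}."""
    series = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # need at least one history value and a latest value
        series[fields[0]] = [float(v) for v in fields[1:]]
    return series


def spiking_devices(text, k=6.0, min_mad=1.0):
    """Return {device: score} where the latest hour sits at least k
    median-absolute-deviations above that device's own history."""
    flagged = {}
    for device, values in parse_summary(text).items():
        history, latest = values[:-1], values[-1]
        base = median(history)
        # MAD is robust to one-off bursts; min_mad avoids dividing by
        # zero for very steady devices such as a media player.
        mad = max(median(abs(v - base) for v in history), min_mad)
        score = (latest - base) / mad
        if score >= k:
            flagged[device] = round(score, 1)
    return flagged


if __name__ == "__main__":
    for device, score in spiking_devices(FLOW_SUMMARY).items():
        print(f"{device}: latest hour is {score} MADs above baseline")
```

Using each device's own history as the baseline keeps a busy server from masking a quiet workstation that has suddenly become noisy.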
Cryptojacking is perhaps less of a threat than other types of cyber attack, but it should not be taken lightly. The fact is that if criminals have breached your defences to install cryptojacking software, then at any time they could use that access to do much, much worse to your business. Try not to find out the hard way.