It sounds like an adrenaline-packed adventure sport. You can almost imagine telling your friends you went cryptojacking down a volcano whilst on vacation in Costa Rica. But no, sadly the only thing that will get high doing cryptojacking is your power bill. And probably the hacker behind it, filling his or her virtual wallet with Monero. So, what is cryptojacking again?
What Is Cryptojacking?
Cryptojacking is where a device is unexpectedly taken over to use its computational power to mine cryptocurrency. There are several ways this can happen. And just because you have a robust anti-virus in place doesn’t necessarily mean you’re safe. It’s fairly simple to download malicious code from a seemingly innocent vector, like a free content management system.
Coinhive is the most popular code for in-browser mining since it’s easy to deploy and often goes unnoticed. Even plugins like NoCoin for Chrome and Firefox may fail to detect Coinhive infected sites. In fact, as much as 82 percent of infected sites go undetected.
It’s a pretty safe bet that most of San Diego Zoo’s visitors aren’t into cryptocurrency. So, if you think that it’s an industry-specific problem, think again. You can get cryptojacked just about anywhere, at any time.
Cryptojacking is the biggest cybersecurity threat of 2018, with one-quarter of all businesses already falling victim to it. It’s not mega businesses the hackers are after either. It’s not cryptocurrency exchanges, ICOs, or even HODLers that they want. It’s anyone with a mobile phone, personal computer, server, or even IoT device.
What Is Cryptojacking Capable Of?
There’s good and bad news about cryptojacking. Unlike some more malicious attacks like Ransomware, the hackers aren’t aggressively taking hold of your device. You may not even realize that it’s happening, as long as they don’t set the code to use a very high amount of computational power.
What you may notice is that your device overheats or lags in performance. But, if you’re used to a device that runs less than optimal, let’s be honest, cryptojacking can pass by undetected – until a big power bill hits you at the end of the month. While this is a drag to be sure, it’s certainly not as bad as having your Ether wallet hacked or your data leaked.
In some cases, though, cryptojacking can damage your device. If the hacker gets too greedy with the amount of CPU, he or she takes your computer could be sent into an irreparable tailspin.
What Is Cryptojacking Prolific On?
Everyone knows that mining cryptocurrency takes a high amount of computational power. This means that company servers are the best target. Yet, cryptojacking is more about taking a little bit of power from a lot of devices, rather than one major attack. With that in mind, cryptojacking is now prolific on any device, from mobile phones to IoT devices.
According to Kaspersky Lab, once mobile mining becomes more profitable, cryptojacking will explode in proliferation. The sheer number of mobile devices worldwide makes them an obvious target.
Major Cryptojacking Incidents to Date
Although cryptojacking is a non-aggressive form of cybercrime, that shouldn’t make you more sympathetic to its perpetrators. They’re making a lot of money mining cryptocurrency illegally using other people’s devices without authorization.
Some of the most high-profile cases so far have been the Shominru mining botnet that infected over 500,000 machines. It targeted Windows’ servers and forced them to mine over $3.5 million of Monero.
Another major cryptojacking incident was the Siacoin Internet Cafe hack when hackers across China mined around $800,000 million in Siacoin by infecting internet cafes with malicious cryptojacking code.
Other Cool and Creepy Facts About Cryptojacking
- You don’t need technical skills to do it! According to a Digital Shadows’ report cited in CSO Online, you can buy “cryptojacking kits” on the dark web starting at just $30.
- In Q4 2017 incidents of cryptojacking exploded by 8,500 percent.
- Malvertising is a popular channel for infecting devices with crypto mining botnets.
- Android users are more susceptible to cryptojacking, with 60 million already hit by crypto miners this year.
- At least 13,000 WordPress Plugins contain critical security vulnerabilities that make them easy prey for hackers.
- Social media is also a big vector, especially through phishing tactics using official-looking emails asking users to click through to a site, which then runs a code on your computer.
- In-browser mining happens only when you visit the infected site. Close the site, stop the mining. Mining botnets downloaded to your device will sit and mine from now until infinity unless you get them removed.
- Avast Software found that Github was a popular vector for cunning crypto miners. They simply create forks of existing legitimate products and hide the malware within.
Can You Prevent Cryptojacking?
You may not be able to prevent cryptojacking. You may just get unlucky. But there are certain cyber hygiene practices that you can adopt. Never click on a link in an email. Don’t be fooled even by an HTTPS site, as it may still contain malware. Try running an anti-phishing software, antivirus, and adblocker. Plugins like NoCoin and MinerBlock may also help prevent some incidents.
Companies looking to prevent their servers from getting cryptojacked need to carry out good patch management and educate their employees on what to look out for to prevent phishing attacks.
It’s not always easy to detect cryptojacking since most desktop antiviruses won’t notice the malware. But you will see your battery getting extra hot or draining down quickly or your computer taking longer than usual to complete tasks.
What is cryptojacking? It’s 2018’s biggest cybercrime, which is growing in popularity. So, if you think your device may be infected, don’t wait. Go and get it checked out today.
This article was originally published on Coincentral.
“Top Misconceptions of Cryptocurrency as a Payment System”
Which can be read on Amazon Kindle Unlimited for Free You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)