What enterprises need to know about cryptojacking
By Max Burkhalter, May 10, 2019
Of all the modern cyberthreats enterprise IT managers have on their radar, cryptojacking is most often dismissed as a low-tier priority. While the practice does not have as many immediate risks as malware or ransomware attacks, it can lead to serious device and network performance issues if left unchecked. To prevent costly inefficiencies, corporate security personnel have started to take a closer look at the specific consequences of large-scale crypto-mining operations, though it can be helpful to start with the basics.
What is cryptojacking?
According to CSO, cryptojacking refers to the "unauthorized use of someone else's computer to mine cryptocurrency." Over the past few years, digital currencies have become increasingly popular, leading many tech-minded entrepreneurs to develop new methods for making a profit. Cryptocurrencies are created using computer programs that require a lot of processing power, often much more than a single device can produce. All transactions are recorded on the "blockchain," a peer-to-peer network that timestamps every monetary interaction as a hash-based proof of work. While there are a variety of different cryptocurrencies on the market, Bitcoin is considered the most valuable, though it has become difficult to mine of late, due to its popularity and the massive processing power involved.
In its 2018 Internet Security Threat Report, Symantec outlined two primary methods used to mine cryptocurrencies on personal and business computers:
- File-based coin mining: An executable file is downloaded onto a computer or IoT device and runs in the background.
- Browser-based coin mining: Scripted languages execute mining operations inside a web browser when a user visits specific websites.
In both instances, coin miners are leveraging a computer's central processing unit power to run files and code. Cryptojacking comes into play when hackers install coin mining programs on a victim's computing devices without their knowledge or consent. This is often achieved through malicious links on websites and in emails, or through JavaScript code that auto-executes mining operations when a user visits an infected website. While the extent of cryptojacking is uncertain, some security firms believe the practice is growing out of control. A recent report from the Cyber Threat Alliance found that illicit crypto-mining malware detection increased by 459% between 2017 and 2018. What's more, in 2017 Adguard discovered that cryptojacking scripts were being run on over 33,000 websites, many of which ranked among Alexa's top 100K list.
The consequences of cryptojacking
Compared to other more aggressive forms of cybercrime that cause immediate damage and financial harm, cryptojacking may sound like a benign threat. While it's true that most coin mining scripts do not harm computers or steal users' data, they often severely impact the overall performance of personal and business devices. Cryptojacking saps CPU processing resources to support its coin mining operations, slowing down the execution of programs and applications in the process. Consumers may consider this a minor inconvenience, but enterprise organizations can suffer notable losses in the form of increased IT support tickets, higher electrical bills and decreased productivity.
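The performance impact described above can be turned into a monitoring check. The following Python sketch is an added example, not part of the original article: it flags processes whose CPU usage stays above a threshold across consecutive samples, on the assumption that a miner holds load high continuously while ordinary work comes in bursts. The host names, process names, telemetry rows, threshold and window length are all constructed for illustration.

```python
from collections import defaultdict

def build_samples():
    """Constructed telemetry rows: (minute, host, process, cpu_percent)."""
    rows = []
    for m in range(12):
        rows.append((m, "ws-014", "browser.exe", 92.0 + (m % 3)))  # steady high load
        rows.append((m, "ws-014", "compiler.exe", 95.0 if 3 <= m <= 5 else 4.0))  # short burst
        rows.append((m, "ws-022", "updater.exe", 88.0 if m % 2 == 0 else 10.0))  # spiky
        if m not in (4, 5):  # monitoring agent missed two samples
            rows.append((m, "srv-03", "svc_helper", 97.0 if m < 10 else 5.0))
    return rows

SAMPLES = build_samples()

def sustained_cpu(samples, threshold=80.0, min_run=5):
    """Return {(host, process): longest_run} for every process that stayed at
    or above `threshold` percent CPU for at least `min_run` consecutive samples."""
    series = defaultdict(list)
    for minute, host, proc, cpu in samples:
        series[(host, proc)].append((minute, cpu))
    flagged = {}
    for key, points in series.items():
        points.sort()
        longest = run = 0
        prev_minute = None
        for minute, cpu in points:
            # A gap in sampling breaks the run: load during the gap is unknown.
            contiguous = prev_minute is not None and minute == prev_minute + 1
            if cpu >= threshold:
                run = run + 1 if contiguous else 1
            else:
                run = 0
            longest = max(longest, run)
            prev_minute = minute
        if longest >= min_run:
            flagged[key] = longest
    return flagged

if __name__ == "__main__":
    for (host, proc), run in sorted(sustained_cpu(SAMPLES).items()):
        print(f"{host} {proc}: {run} consecutive samples at or above threshold")
```

A miner that throttles itself below the threshold would not be caught by this check, so it works best as one signal alongside network and endpoint detections.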
Generally speaking, the presence of cryptocurrency-mining malware in an organization's IT infrastructure points to broader issues with its cybersecurity protocols. As a 2019 article from Info Security Magazine pointed out, a vast majority of illicit crypto mining programs capitalize on poor cybersecurity hygiene and inefficient patch management to infiltrate and spread throughout enterprise networks. Researchers from Check Point found that close to 55% of organizations were impacted by the activities of crypto miners, with the following malware programs standing as the most common culprits:
- Coinhive: Implants JavaScript into web pages to enable browser-based coin mining of Monero cryptocurrency.
- Rig EK: Delivers exploits for Flash, Java, Silverlight and Internet Explorer by redirecting users to an infected landing page that checks for vulnerable plug-ins.
- Roughted: Uses "malvertising" tactics to distribute various payloads - from scams and adware to exploit kits and ransomware infections - and is able to bypass most ad-blockers.
- Fireball: Hijacks web browsers to act as full-functioning malware downloaders, executing malicious code and stealing user credentials.
- Ramnit: Steals a range of personal data, including banking credentials, browser cookies, FTP passwords and more.
Using these (and other) malware tools, crypto miners are able to link several disparate computers and mobile devices into a massive botnet, which is much more profitable than using browser-based mining tactics. According to Symantec, cybercriminals operating a botnet of 100,000 devices could generate up to $750,000 by mining cryptocurrencies in just 30 days, compared to $30,000 for operations of equal size that rely on web browser scripts. It's clear that cryptojacking is a lucrative form of cybercrime that will likely continue to expand over the next decade. To keep pace with existing and emergent crypto-mining tactics, companies must deploy robust system and network security protocols that can identify vulnerabilities and remove malicious code before it spreads.
Perle offers industry-grade connectivity tools that can help organizations safeguard their mission critical operations and maintain their system sustainability over the long term. Read some of our customer stories to find out how we've helped other enterprises improve their infrastructure and stay connected when it mattered most.