As the cryptocurrency markets have gained value and become more mainstream in recent years, we’ve seen a digital gold rush to cryptomine for new Bitcoin, Ethereum, Monero, and more recently, Dogecoin.
 
 
 
-
What is Cryptojacking?
 
Cryptojacking is the act of using other people’s computational resources without their knowledge or permission for cryptomining activities.
 
When your mobile devices, laptops, and servers are cryptojacked, attackers are effectively stealing your devices' CPU cycles to mine cryptocurrencies such as Bitcoin, Dash, and Doge. Cybercriminals who launch cryptojacking campaigns are more interested in your device’s computing power than in your personal data.
 
To understand why, it’s helpful to consider the economics of cryptocurrency mining.
 
Mining for cryptocurrencies like Bitcoin and Monero takes huge computing resources to solve the complex algorithms used to discover new coins. These resources are not cheap, as anyone who pays their organization’s AWS bill or data center utility bill knows very well.
So, for cryptocurrency mining to be profitable and worthwhile, the market value of the cryptocurrency must be higher than the cost of mining it. Now consider what happens if you can eliminate your resource costs altogether by stealing other people’s resources to do the mining for you.
 
When such cryptojacking attacks are executed, they silently convert millions of devices into 'cryptomining bots' that turn a profit for the cybercriminals. They do so by evading detection by traditional antivirus tools, so that the miner can run quietly in the background of the machine all the time.
 
-
 
Cryptomining vs. Cryptojacking
 
The lines between cryptomining and cryptojacking are blurry. For example, the cryptomining “startup” Coinhive has positioned its technology as an alternative way to monetize a website, instead of by serving ads or charging a subscription. According to the website, the folks behind Coinhive, “dream about it as an alternative to micropayments, artificial wait time in online games, intrusive ads and dubious marketing tactics.”
 
Yet the same company, Coinhive, was found to be one of the most common culprits in cryptojacking attacks in 2018. In fact, one report analyzed cryptojacking sites and found that nearly 50,000 websites were running cryptocurrency malware, and Coinhive was among them. Coinhive victims included the Los Angeles Times, Politifact.com, and both AOL and Google’s Ad Networks. Further blurring the lines, Coinhive was heavily criticized for its handling (or lack thereof) of abuse complaints.
 
There was a dramatic rise in cryptojacking attacks in 2018, so much so that many in the infosec community started to consider all cryptominers as malware. Browser developers also started to introduce browser extensions, such as No Coin, to block cryptomining activities.
 
This “trust-no-miner” sentiment is still strong in the infosec community.
 
So, while legitimate cryptomining activities will likely continue to grow as the cryptocurrency markets evolve with investments in large-scale operations, it’s unlikely that cryptomining as a form of micropayment will gain mass adoption any time soon.
 
The most common cryptojacking attacks happen via your browsers, and attackers love your public cloud platforms, because once penetrated, the cloud offers them practically infinite computing resources.
 
In April 2021, after major zero-day vulnerabilities were found in Microsoft Exchange Server, cybersecurity researchers at Sophos identified attackers attempting to take advantage of the Exchange Server ProxyLogon exploit to secretly install a Monero cryptominer on unpatched Exchange servers.
 
-
 
What’s your stake in Cryptojacking?
 
While cryptojacking attacks may not be as devastating as a ransomware attack, they can still cause serious damage to your business.
 
  1. When an attacker exploits a website vulnerability by injecting a cryptomining tool like Coinhive, it can slow down page load time, driving away your visitors, users, or shoppers. Some attacks intentionally add a delay so that they can use more resources while the user waits for the page to load, as seen in the attack against Starbucks’ WiFi network in Buenos Aires cafes.
  2. If cryptominers persist in your infrastructure, you might unknowingly be footing a higher data center utility bill or cloud services provider bill. Think of it like this: If ransomware were grand theft auto, cryptojacking would be more akin to someone siphoning the gas from your tank little by little. You might not notice it right away, but your more frequent stops at the gas pump would eventually add up. That’s not all. Running CPU and GPU higher for a longer time can accelerate the wear and tear on your hardware, shortening its lifecycle and increasing your hardware costs.
  3. No one wants to wake up to an egregious bill from their cloud services provider because an attacker spun up infinite resources overnight for cryptomining. While many security and IT teams have put in place auto-scaling limits to safeguard against this, some cryptojacking attacks are designed to start deleting existing cloud services when that limit is met. This results in data loss for you.
  4. Attackers are becoming increasingly efficient by packaging multiple attack modules and payloads into a single campaign. A malware campaign might drop a cryptominer packaged alongside a keylogger, backdoor, and other tools and techniques. If you detect cryptomining activities in your environment, don’t assume that the attackers’ intentions are single threaded. Opportunist attackers seeking financial gain will try to maximize their profits, whether by stealing your resources, your data, or both, if you let them.
 
-
 
To keep pace with the latest cryptojacking attacks without draining your security resources, you will need automated security monitoring and advanced threat hunting activities.
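One check such automated monitoring can include for the website-injection case in point 1 is a script audit of your own pages. The sketch below is an added example, not from the original article; the allowlisted hosts, the sample HTML and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdn.example.com"}  # assumption: expected hosts
MINER_MARKERS = ("coinhive",)  # the miner named in the article, matched case-insensitively
# Constructed sample page: two expected scripts and three that need review.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.example.com/lib.js"></script>
<script src="https://miner.example.net/lib/coinhive.min.js"></script>
<script src="https://stats.example.org/t.js"></script>
<script>/* constructed inline snippet */ startMiner("coinhive");</script>
</head></html>"""

class ScriptAudit(HTMLParser):
    """Collects external script URLs and the text of inline scripts."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_inline = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_inline = True
                self.inline.append("")
    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def audit_page(html, page_host):
    """Return (reason, detail) findings for scripts that need review."""
    parser = ScriptAudit()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = urlparse(src).hostname or page_host  # relative URL: same origin
        if any(m in src.lower() for m in MINER_MARKERS):
            findings.append(("miner-marker", src))
        elif host not in ALLOWED_SCRIPT_HOSTS:
            findings.append(("unexpected-host", src))
    for body in parser.inline:
        if any(m in body.lower() for m in MINER_MARKERS):
            findings.append(("miner-marker-inline", body.strip()[:60]))
    return findings
```

The allowlist does most of the work here: a renamed or self-hosted miner will not match a name marker, but a script loaded from a host you never approved still shows up as `unexpected-host`.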
 
 

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
