Given the very public repercussions of certain types of breaches, it can be easy for executives and IT professionals to focus their attention on the most sensationalized attacks. However, doing so takes their eye off more subtle threats that can cause just as much damage. One of those quiet threats teams should begin monitoring is cryptojacking. Why the sudden concern? Numerous industry studies suggest that cryptojacking incidents are increasing faster than any other type of cyber incident. In fact, reports indicate that it has tripled since 2017.
Cryptojacking is a breach where malware is installed on a device connected to the internet (anything from a phone, to a gaming console, to an organization’s servers) in order to hijack computing power to “mine” cryptocurrency without the user’s knowledge. Unlike phishing or ransomware attacks, cryptojacking runs nearly silently in the background of the victim’s device, which is why it is difficult to detect.
Why are cryptojacking rates on the rise? Fraudsters love cryptojacking’s stealthy nature just as much as its fast and lucrative payouts. Unlike other types of attacks, which require many additional steps to convert stolen data into a payout, cryptojacking provides a direct path to cashing in on exploits. Because the value of cryptocurrency fluctuates, well-timed criminals can earn exponentially higher payouts if they cash out at the right time.
Who gets cryptojacked and how do you recognize it?
The goal of most cryptojacking operations is to hijack enough devices so that their processing power can be pooled, creating a much more effective network with which to generate income. This strategy relies on using small amounts of power from many different machines: the attack is designed specifically so that each device uses so little power that network administrators and users won’t even notice it is happening. This is the truly dangerous aspect of this attack. Once the devices are hacked, the attacker pools them to create large cryptojacking networks. These attacks are thus often focused on large corporations or businesses where, once access is gained, infection of multiple devices is easy and convenient.
Identifying and flagging cryptojacked devices can be difficult, requiring dedicated time and energy. In many cases the malware might reside in compromised versions of legitimate software. As a result, security scans are less likely to flag the downloaded application as a threat. However, the sudden slowing of devices or a rise in cross-company complaints about computer performance should raise a red flag. Administrators should look to cryptojacking as the possible culprit to prevent irreversible damage.
There are several risks to a business victimized by cryptojacking, including:
- Productivity impacts: When computer systems slow down, employee productivity is immediately impacted. They may spend time trying to troubleshoot their systems or be forced to wait for the IT department to provide a fix.
- IT and energy drain: When a helpdesk ticket opens, IT must spring into action and determine the root cause of the issue, taking their time away from other important matters. As importantly, there is a physical cost to the hijacked power consumption.
- Unnecessary equipment replacement costs: Not only does cryptojacking lead to wear and tear on hardware, it might lead to premature upgrade cycles generating additional costs for the business.
- Opens the door to more threats: Cryptojacking doesn’t just siphon off energy or slow down system performance; it also exposes victims to additional risk, because it involves opening access points that can be easily leveraged for other types of attacks such as ransomware.
How do you prevent an attack?
Organizations looking to protect themselves need to ensure their overall privacy and security posture is high and that they are taking every step to defend themselves against all types of cyber incidents. Cryptojacking is often a warning shot, sending up a red flag that the system may not be as protected as it should be.
Making sure everyone is using multi-factor authentication and unique passwords is a good place to start. There should also be continuous monitoring for unexpected activity on the network (for instance, after business hours), as well as safeguards in place to make sure any software installed on a device comes from a reputable source and is fully patched. Finally, there needs to be a team dedicated to constantly monitoring, remediating and updating privacy and security safeguards.
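One way to implement the after-hours monitoring described above, as an added example that is not part of the original article: compare each host's off-hours CPU median against the rest of the fleet, because a miner that takes only a modest share of each machine never trips a per-host high-CPU alert. The business hours, host names, thresholds and telemetry below are constructed assumptions.

```python
from datetime import datetime, timedelta
from statistics import median

WORK_START, WORK_END = 8, 18  # assumed business hours, local time

def is_off_hours(ts):
    """True on weekends and outside the assumed business hours."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def off_hours_medians(samples):
    """Median CPU % per host, computed over off-hours samples only."""
    per_host = {}
    for host, ts, cpu in samples:
        if is_off_hours(ts):
            per_host.setdefault(host, []).append(cpu)
    return {h: median(v) for h, v in per_host.items()}

def flag_hosts(samples, k=5.0, min_delta=10.0):
    """Flag hosts whose off-hours median sits well above the fleet's.

    The cutoff is fleet median + max(k * MAD, min_delta); min_delta keeps
    the check meaningful when the fleet is so uniform that MAD is near 0.
    """
    meds = off_hours_medians(samples)
    fleet = median(meds.values())
    mad = median(abs(m - fleet) for m in meds.values())
    cutoff = fleet + max(k * mad, min_delta)
    return sorted(h for h, m in meds.items() if m > cutoff)

def constructed_samples():
    """Constructed telemetry: hourly CPU % for six hosts over one weekday."""
    profile = {  # host: (business-hours CPU %, off-hours CPU %)
        "ws-01": (35, 2), "ws-02": (40, 3), "ws-03": (30, 4),
        "ws-04": (45, 5), "ws-05": (50, 24), "ws-06": (42, 27),
    }
    start = datetime(2024, 3, 6)  # a Wednesday
    out = []
    for host, (busy, idle) in profile.items():
        for hour in range(24):
            ts = start + timedelta(hours=hour)
            out.append((host, ts, idle if is_off_hours(ts) else busy))
    return out

if __name__ == "__main__":
    print(flag_hosts(constructed_samples()))
```

A flagged host is a lead for investigation rather than a verdict; scheduled backups, patching and overnight batch jobs produce the same pattern and should be excluded or baselined first.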
The rise in cryptojacking should be taken as a good reminder for administrators to ensure their security and privacy measures adhere to the current standards. After all, if there weren’t a lot of vulnerable systems out there, this type of attack wouldn’t be growing at a rapid pace.