For any business, privacy and security are a constant concern. The variety and velocity of attacks seeking to infiltrate corporate systems and steal vital business and customer information seem never-ending. Given the very public repercussions of certain types of breaches, it can be easy for executives and IT professionals to focus attention on only the most notable attacks. However, numerous industry studies have found that a quiet threat, known as cryptojacking, is rising faster than any other type of cyber incident.
Cryptojacking is a breach where malware is installed on a device connected to the internet (anything from a phone, to a gaming console, to an organization’s servers). Once installed, the malware uses the hijacked computing power to “mine” cryptocurrency without the user’s knowledge.
Unlike phishing or ransomware attacks, cryptojacking runs nearly silently in the background of the victim’s device, and as a result the increase in cryptojacking attacks has flown mainly under the radar. Yet, new studies suggest that attacks of this type have more than tripled since 2017, generating concern as these undetected breaches siphon energy, slow down performance of systems and expose victims to additional risk.
The rise of cryptojacking has followed the same upward trajectory as the value of cryptocurrency. Suddenly, digital “cash” is worth actual money and hackers, who usually have to take several steps to generate income from stolen data, have a direct path to cashing in on their exploits. But if all the malware does is sit quietly in the background generating cryptocurrency, is it really much of a danger? In short, yes – for two reasons.
In fundamental terms, cryptojacking attacks are about stealing… in this case energy and system resources. The energy might be minimal (more about that in a moment) but using resources slows the performance of the overall system and actually increases wear and tear on the hardware, reducing its lifespan, resulting in frustration, inefficiency and increased costs.
Much more importantly however, a cryptojacking-compromised system is a flashing warning sign that a vulnerability exists. Often, infiltrating a system to cryptojack involves opening access points that can be easily leveraged to steal other types of data. Cryptojacking not only appropriates valuable computer and energy resources, but also exposes victims to much more blatant and damaging data attacks.
Who is at risk?
Any connected device can be used to mine cryptocurrency. However, the goal of most cryptojacking operations is to hijack enough devices so that their processing power can be pooled, creating a much more effective network with which to generate income. This strategy relies on utilizing small amounts of power from several different machines, which also lessens the chances that the victim will realize they’ve been hacked because the power stolen is minuscule enough to be ignored.
Once the devices are hacked, the attacker will network them together to create large cryptojacking networks. These attacks are thus often focused on large corporations or businesses where access to multiple devices is easy and convenient.
Identifying and flagging cryptojacked devices can be difficult, requiring dedicated time and energy. In many cases, the malware might reside in compromised versions of legitimate software. As a result, security scans are less likely to flag the downloaded application as a threat.
The first clue that something may be amiss at the organization is the sudden slowing of devices or a rise in cross-company complaints about computer performance. If widespread, administrators should look to potential cryptojacking as the possible culprit.
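As an added illustration (not part of the original article), the Python sketch below turns that clue into a check: it flags hosts whose CPU use sits persistently above their own baseline, ignores short spikes, and reports whether the rise is widespread across the fleet. The host names, readings and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample data: CPU utilisation (%) per host. "baseline" is the
# host's normal readings, "recent" is the latest monitoring window.
FLEET = {
    "ws-001": {"baseline": [8, 10, 9, 12, 7, 11], "recent": [31, 29, 33, 30, 32, 28]},
    "ws-002": {"baseline": [15, 14, 18, 16, 13, 17], "recent": [16, 95, 15, 14, 17, 18]},
    "ws-003": {"baseline": [5, 6, 4, 7, 5, 6], "recent": [24, 26, 25, 23, 27, 25]},
    "ws-004": {"baseline": [40, 42, 38, 41, 39, 43], "recent": [41, 44, 40, 39, 42, 45]},
    "ws-005": {"baseline": [10, 9, 11, 12, 8, 10], "recent": [12, 11, 9, 10, 13, 11]},
}


def sustained_rise(baseline, recent, min_rise=15.0, min_fraction=0.8):
    """True when most recent samples sit well above the host's own baseline.

    min_rise and min_fraction are assumed thresholds: a modest but persistent
    increase is the signal, so a single spike (a build, a scan) is ignored.
    """
    if not baseline or not recent:
        return False
    floor = median(baseline) + min_rise
    above = sum(1 for sample in recent if sample >= floor)
    return above / len(recent) >= min_fraction


def triage(fleet, fleet_fraction=0.3):
    """Return (flagged hosts, whether the rise is widespread across the fleet)."""
    if not fleet:
        return [], False
    flagged = sorted(
        host for host, data in fleet.items()
        if sustained_rise(data["baseline"], data["recent"])
    )
    widespread = len(flagged) / len(fleet) >= fleet_fraction
    return flagged, widespread


if __name__ == "__main__":
    flagged, widespread = triage(FLEET)
    print("hosts with sustained CPU rise:", flagged)
    print("widespread enough to investigate cryptojacking:", widespread)
```

Comparing each host to its own baseline keeps a normally busy machine such as ws-004 from being flagged while still catching a small, steady increase on an otherwise idle one.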
Protecting the pack
Organizations and individuals looking to protect themselves need to ensure their overall privacy and security posture is high and that they are taking every step to defend themselves against all types of cyber incidents. Cryptojacking is often a warning shot, sending up a red flag that the system may not be as protected as it should be.
Relying on the basics is the first place to start – everyone on the network should be using multi-factor authentication and unique passwords. There should be continuous monitoring for unexpected activity on the network, as well as safeguards in place to make sure any software installed on a device comes from a reputable source and is fully patched. Finally, there needs to be a team dedicated to constantly monitoring, remediating and updating privacy and security safeguards.
While cryptojacking attacks are worrisome and can lead to further breaches, with proper monitoring and early detection most can be avoided or remedied before a larger incident occurs. The rise in cryptojacking should be taken as a good reminder for administrators to ensure their security and privacy measures adhere to the current standards.
After all, if there weren’t a lot of vulnerable systems out there, this type of attack wouldn’t be growing at a rapid pace. As always, staying vigilant and up-to-date and following security best practices is the only way to stay shielded against cryptojacking cybercriminals.