CryptoJacking: What is it & How Does it Work?
With the rise of cryptocurrency far from stopping, the multitude of ‘coins’ available and their increase in value have inspired a new type of crime: cryptojacking. You’ve probably come across the term before. It has been gaining traction in recent years by targeting the general public, but now it’s expanding and targeting OT networks. But what is cryptojacking, and how does it work? Let me explain.
Cryptojacking is the term used when a computer is used for crypto mining without its owner’s consent. Crypto mining is an expensive process; the cost of electricity often outweighs the coins gained. That is why large-scale cryptojacking, where the victims bear that cost, is highly lucrative.
An OT network was targeted by crypto mining malware that exploited the processing power of the ICS and the lack of cyber security protecting it. Events like Cyber Security for Critical Assets (CS4CA) can put you face to face with solution providers to help you safeguard against this potential threat and many others, so I’d highly recommend you check it out.
It’s not just on an industrial level. Government sites were also found to be infected earlier this year, with hackers taking advantage of a lack of security in an extension for disabled people called “BrowserLoud”. Even technologically advanced companies like Tesla have seen their websites infected by cryptojacking software. Redlock, a cloud monitoring and defence company, discovered an AWS console that was not password protected; upon inspection they accessed Tesla’s cloud and found exposed customer credentials alongside a crypto mining script.
The cloud is a popular target for cryptojacking as it offers a virtually infinite resource. Many launched services don’t have secure defaults; they operate on a “launch first, think about security later” ideology, which isn’t acceptable.
Mobile phones and tablets are also vulnerable to cryptojacking. Several apps were found to contain cryptojacking scripts. They have since been removed from the App Store, but as many mobile users don’t have security software on their phones, more apps will surface and utilise the processing power of phones.
One website, Salon, even offered an ad-free service in exchange for browser crypto mining, which doesn’t really provide many benefits, as the detriment to your computer would render any experience useless. It’s also a bad idea to accept these terms because once you accept one service, what’s to stop another service or malware running in the background?
Salon terms offering to use “Unused computing power” in exchange for no ads
A newer and less exposed form of cryptojacking is “Drive by Mining”, which can infect your computer through pop-up advertisements played on a website. It follows the same base code as CoinHive.
Drive by Mining graph
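A site owner's check for the in-browser miners described above, as an added example that is not code from the original article: it scans a page's script tags for the CoinHive name and, going slightly beyond the text, flags third-party scripts loaded without Subresource Integrity, since a compromised third-party script is one way a miner reaches every site that embeds it. The hosts, the site key and the names `ScriptAudit` and `audit_page` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# "coinhive" is the miner named in the article; extend from your own threat intel.
MINER_PATTERNS = [re.compile(r"coinhive", re.I)]
# Collects (kind, detail) findings about the <script> tags of one page.
class ScriptAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings, self._inline = page_host, [], None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:                       # inline script: buffer its body
            self._inline = []
            return
        if any(p.search(src) for p in MINER_PATTERNS):
            self.findings.append(("miner-src", src))
        host = urlparse(src).netloc
        # Off-site script with no integrity hash: its content can change unseen.
        if host and host != self.page_host and not attrs.get("integrity"):
            self.findings.append(("third-party-no-sri", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline)
            if any(p.search(body) for p in MINER_PATTERNS):
                self.findings.append(("miner-inline", body.strip()[:60]))
            self._inline = None

def audit_page(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: hosts, hash and site key are placeholders.
SAMPLE = """<script src="https://cdn.example.net/widget.js"></script>
<script src="https://cdn.example.net/ok.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://miner.example/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>"""
```

Calling `audit_page(SAMPLE, "www.example.org")` returns four findings: the unpinned widget, the miner script (reported both as a miner and as an unpinned third-party script) and the inline miner start-up code.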
The most popular currency for cryptojacking is Monero. It’s used by many crypto miners as it requires less processing power than Bitcoin and is completely anonymous. Its value is lower, but when you consider the scope and infection level it adds up: websites like PirateBay were covertly cryptojacking users’ computers and making around $326,000 a month, and a Chrome plugin called “SafeBrowse” hijacked the computing power of its 140,000 users before being taken down by Google.
Closing a browser won’t stop the mining process, as instances are still running in the background. Be sure to use the control panel to end the process, make a note of what sites you’ve visited and what questionable extensions you may have installed, and seek to avoid them in the future.
Example of sporadic CPU spiking
As of March 2018, over 4000 sites were found to be cryptojacking their visitors, up from 2500 known sites in December 2017. That’s an average of 500 new sites every month, and if nothing is done to stop this growth it will only get worse. So, you ask, what can I do to protect myself and my company from cryptojacking? Well, it takes a few simple steps.
First, you should keep your software and hardware constantly updated. It seems rudimentary, and it’s something many people ignore as an ongoing inconvenience, but it’s the best way to safeguard your network. Getting in touch with cyber security solution providers like Indegy or Claroty can help safeguard your ICS systems; they’re also in attendance at the upcoming CS4CA event.
Being more aware when clicking unknown links is another simple step: if a link is from an unknown source or doesn’t look safe, avoid it. If your computer is running unusually slow, run tests to discover the fault.
The technology is out there to stop this from becoming a much larger issue; it just needs to be enforced on a global scale. Companies need to take cyber security seriously, or cryptojacking will just become a gateway to more dangerous attacks.
To learn more about cyber security options for your company, or even just to get a better idea of the potential threats affecting your industry, check out the Cyber Security for Critical Assets summits taking place worldwide at https://www.cs4ca.com