Cryptojacking: The New Kid on the Malware Block.

Cybersecurity continues to be a major concern worldwide. Breaches and attacks increasingly expose personal and organizational data, and no one seems immune — not even governments or large enterprises.

Several large-scale cyber attacks have been perpetrated on websites like Politifact, Tesla, and the LA Times, with many more likely to come.

Cryptojacking Pushes Ransomware Off the Top Spot

The most dangerous cyber threat in recent memory is ransomware, which is estimated to cost U.S. businesses over $1 billion yearly. However, there is a new kid on the block: cryptojacking, which has pushed ransomware off the top spot of cyber threats.

Reports claim that over 50,000 websites have been infected with cryptomining malware, several thousand of which utilize the WordPress platform.

The overwhelming and unprecedented success of Bitcoin, as well as other cryptocurrencies, continues to drive cryptomining and its criminal sidekick, cryptojacking. Projections indicate that this trend will continue as long as there’s high demand for cryptocurrency and its value keeps on rising.

The Growth of Cryptojacking

Statistics released by Kaspersky Lab show that the number of ransomware attacks perpetrated against users has dropped by almost half, from 1,152,299 in 2016–2017 to 751,606 in 2017–2018. Over this same period, the number of cryptojacking incidents increased from 1,900,000 to 2,700,000, increasing its share of all detected cyber threats from 3 to 4 percent.

Reports from Malwarebytes show that over the last quarter, the number of detected cryptojacking attacks recorded a 27 percent increase in the business space as well as a 4,000 percent increase among consumers.

As a result, cryptojacking is now the second most common digital infection worldwide, lagging only behind adware.

How Cryptojacking Works

Cryptojacking hijacks the computing power of the devices it infects to calculate hashes. In doing so, it slows down their overall performance. Resulting calculations are sent to an online mining pool or back to the attacker to be converted into cryptocurrency. While each machine that is cryptojacked contributes just a bit of computing cycle time, when combined, they function as distributed supercomputers that mine staggering amounts of cryptocurrency.

Usually, attackers target popular websites with large audiences (that number in the millions) and embed cryptojacking scripts on their servers. When a user visits such websites, his browser downloads the cryptojacking malware onto his device — where it continues to execute its malicious objectives.

Alternatively, cybercriminals may launch phishing attacks, attack exposed computer infrastructure, or maliciously use tools such as instant messaging services, mobile apps, and browser extensions to infect user devices with cryptojacking malware.  

The hackers behind the recent cryptojacking attacks made use of CoinHive, a JavaScript mining tool, which can be embedded on web pages and operates within the browser windows of site visitors.

CoinHive was designed as a legitimate alternative to micropayments, dubious marketing tactics, intrusive ads, and artificial wait time in online games. But hackers perverted the script to force visitors’ systems to donate CPU power towards mining Monero (XMR) coins.
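A defender-side check for the embedding just described, added here as an example and not code from the original article or from Ericom: it parses a page's HTML and flags a `<script src>` pointing at the CoinHive domains or an inline `new CoinHive.Anonymous(...)` / `CoinHive.User(...)` constructor call, the pattern a web filter or site owner would look for. The sample pages, the site-key placeholder and the `scan_html` helper are constructed for this example.

```python
import re
from html.parser import HTMLParser

# Indicators of a CoinHive-style in-browser miner. The host names and the
# CoinHive.Anonymous / CoinHive.User constructors are from CoinHive's public
# JavaScript API; the rest of this file is an assumption for the example.
MINER_SCRIPT_HOSTS = ("coinhive.com", "coin-hive.com")
INLINE_MINER_PATTERN = re.compile(r"CoinHive\.(Anonymous|User)\s*\(", re.I)


class MinerScanner(HTMLParser):
    """Collects evidence of embedded miner scripts while parsing HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._script_body = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        self._script_body = []
        src = (dict(attrs).get("src") or "").lower()
        if any(host in src for host in MINER_SCRIPT_HOSTS):
            self.findings.append(f"external miner script: {src}")

    def handle_data(self, data):
        # Inside <script> the parser hands us the raw JavaScript text.
        if self._in_script:
            self._script_body.append(data)

    def handle_endtag(self, tag):
        if tag != "script":
            return
        self._in_script = False
        if INLINE_MINER_PATTERN.search("".join(self._script_body)):
            self.findings.append("inline miner constructor: CoinHive.Anonymous/User(")


def scan_html(html: str) -> list:
    """Return a list of human-readable findings (empty means nothing flagged)."""
    scanner = MinerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages: one carrying a miner, one clean.
INFECTED_PAGE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
  miner.start();
</script></head><body><p>Welcome</p></body></html>"""
CLEAN_PAGE = "<html><body><script src='/static/app.js'></script><p>Hi</p></body></html>"

if __name__ == "__main__":
    for name, page in (("infected", INFECTED_PAGE), ("clean", CLEAN_PAGE)):
        print(name, scan_html(page))
```

The same scan can be run over pages fetched by a proxy or web filter; a non-empty result is a strong signal, but minified or obfuscated loaders will need additional indicators such as the mining pool's WebSocket endpoints.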

Effects of Cryptojacking

Cryptojacking reduces the processing speed of end-user systems. Although cybersecurity experts agree that cryptojacking might pose less of a threat than other malware, since it doesn’t steal identities or encrypt files, it can potentially do serious damage — or enable additional threats.

Loss of productivity and damage to hardware are some of the more serious results of cryptojacking. After one of its malware trap systems was infected by numerous miners, Malwarebytes noted that the system’s graphics card had been completely burned out by revved-up CPU and GPU cycles.

Costs to infected businesses include lost help desk manpower hours and IT time spent tracking down performance issues, as well as the financial cost of replacing damaged/infected components or systems.

However, the biggest risk of cryptomining malware is its potential to usher in additional malware. Once a system is compromised, hackers can return to it to launch more damaging cyber attacks, ranging from data exfiltration malware to keylogging malware.

As such, businesses need a comprehensive solution to help detect and shield their network resources and users from cryptojacking threats.

Detecting and Preventing Illegal Cryptomining Activities

Detection is the first step towards eliminating cryptojacking activities in an organization’s network. Although it is difficult, users can identify illegal cryptomining activities by looking out for signs such as:

  •  Increased CPU usage
  •  Overheating systems which could cause CPU or cooling fans to fail
  •  A spike in the number of help desk complaints about slow computer performance
  •  An unexplainable decrease in device lifespan

A network monitoring solution is one of the major tools that organizations can use to prevent and defuse cryptojacking threats. Other strategies include:

  •  Comprehensive security awareness training for employees that focuses on cryptojacking threat vectors
  •  Installation of anti-cryptomining or ad-blocking extensions on web browsers
  •  Continuous updating of web filtering tools

However, these strategies are not enough on their own. Organizations need to employ additional security software to further protect themselves and their employees. For example, a VPN helps anonymize an individual’s presence on the Internet, decreasing the chances of being targeted by hackers. Ensuring all employees have an encrypted connection will add a valuable layer of protection.

Remote browser isolation provides an additional layer of endpoint protection that complements these existing technologies, enhances browser security, and ensures that endpoint devices cannot be exploited – all without compromising the user experience.

Remote browser isolation solutions leverage virtual browsers that reside in disposable containers outside of the network (usually in the DMZ or the cloud). Website contents are rendered away from endpoints. Only a clean, interactive visual stream is sent, in real time, to the browser on the user device. Once users leave a site or stop browsing, the container and virtual browser are destroyed, along with any malicious processes and files they may contain.

Even if cryptomining malware manages to slip in, it can only hog the limited processing resources available to the container – and only for a little while, before it too becomes history. Thus, endpoints are protected from opportunistic coinmining threats. With a remote browser isolation solution in place, organizations can be safe from cryptojacking threats.

Ilan Paretsky is Chief Marketing Officer at Ericom Software and is responsible for the global marketing activities of the company. Prior to joining Ericom in 2005, Mr. Paretsky held various leadership positions in marketing, business development, project management, and software development in the global software and telecom industries.
