Cryptojacking is the malicious use of a victim’s computer to mine cryptocurrency, and is a growing problem for both individual users and companies. If you’ve never heard of it before, that’s likely because - up until recently - cryptojacking was a fairly niche concern. But there’s been a rise in the practice during recent years.

Cryptojacking works in a fairly simple way, but that doesn’t mean it’s easy to detect or defend against. These attacks often work by getting a victim to click a malicious link in an email that then loads crypto mining code onto their computer - or by infecting an online ad with JavaScript code that executes through a browser. Whichever method is used, crypto mining code then runs in the background of a victim’s computer and generates profits for an attacker. For most users, the only indication they’ve been cryptojacked is slightly slower performance, which is why these attacks are so hard to detect.

It’s very difficult to assess the scale of cryptojacking, not least because many of the scripts used to hijack victims’ computers are based on legitimate crypto mining software. There is no doubt, however, that the practice is widespread. This rapid growth is due partly to the fact that cryptojacking relies on techniques developed to facilitate a much older form of attack: botnets. Indeed, some cryptojacking mechanisms make explicit use of botnets.

The rise in cryptojacking is being driven by how easy it is to implement. It relies on attack vectors that have long been used to deliver ransomware, or to build botnets, which all but guarantees a successful infection will generate revenue for an attacker. With ransomware, criminals are reliant on users paying a ransom, whereas cryptojacking software will run silently in the background, slowly generating income.

There are essentially two methods of implementing a cryptojacking attack, and both are quite similar to other forms of attack. The first is to trick a user into loading crypto mining software onto their computer, as with the recent BadShell attack – a “file-less” malware that did not require a download. The techniques used to do this resemble those used in phishing attacks. A common method, for instance, is to send users a legitimate-looking email encouraging them to click a link. If a user does so, a crypto mining script is loaded onto their computer, and runs silently in the background whenever that machine is on.

The second major method is using scripts embedded in websites to run crypto mining software in a victim’s browser. By far the most common example is the use of JavaScript advertisements: by inserting malicious code into the JS scripts that sit behind these, a user’s browser can generate cryptocurrency without their knowledge.

The consequences of infection may sound benign, but they are not. Whilst cryptojacking does not aim to steal information or otherwise damage a victim’s computer, it may be used to deliver malicious code that can. In addition, even if the only outcome of an infection is to slow down a user’s machine, companies can lose significant revenue in tracking down performance issues, or even replacing components that have been wrecked by the demands of crypto mining.

Cryptojacking can be pretty hard to detect, but there are a few sure signs that your machine, or those of your employees, are infected:

Firstly, don’t rely on standard anti-virus tools or scanning software. One of the factors that makes cryptojacking so hard to detect is that many of the scripts used in these attacks are in fact legitimate crypto-mining scripts - and so will not be detected as malware by signature-based security tools. Instead, look for signs your systems are working harder than they should. Mining cryptocurrency is designed to be a CPU-intensive task, after all, and so a good indication of infection is a machine overheating. If you are in a business environment, this may manifest as a sudden spike in employee complaints about poor performance, or a noticeable increase in CPU wastage through overheating.