June 14, 2018
Have any of your devices suddenly become a bit slow, whilst also using up the battery quicker than usual for no apparent reason? Chances are that it is now a resource for cryptocurrency miners, without your knowledge.
Cryptojacking, though not a new problem in the world of cybersecurity, is definitely considered one of the most evolved malware monetization techniques and it is making these bad actors millions of dollars. The problem with Cryptojacking is that it harms the hosting systems with minimal visible effects, making it extremely hard to detect.
Furthermore, to continue the monetary gains through Cryptojacking attacks (with the ‘no-detection’ philosophy) the attackers have to target a large number of servers, making its position as an attack vector doubtful and therefore seemingly less threatening.
However, the recent case of the Monero Miners has brought the harmful potential of the technique to the surface once again, compelling all the affected and responsible parties to re-assess their risk management systems.
How does Cryptojacking work and how can you protect your system from it?
The intangible nature of Cryptojacking makes it difficult to detect or repair or even assess the losses it incurs. Therefore, in order to protect your systems from the attack, it is really important to understand how it works.
To become a victim of a Cryptojacking attack, a system first needs exposure to an infected resource. It could be as simple as a scam website with a malicious code, through which the attacker gets the access of the system’s processor. The processor then becomes available for the mining processes that will happen in the background, consuming resources without the users’ acknowledgement. In response to this, Wilson Pennington, a senior technician from Birmingham, states that most of the victims of cryptojacking would not even realize that their system is under attack because the attackers would stay clear of the device’s memory to avoid detection and complete all the work in the background.
So the best way to protect your system from such attacks is to keep your anti-malware software updated with security patches that the responsible technology companies keep releasing in order to extend their protection coverage against such attacks.
You may also install a more extensive security solution that covers all the servers in your network, even the ones that are facing the public. Also, hire dedicated service providers to monitor your cloud network regularly in order to detect and repair the probable weak points as soon as they emerge.
Another way of protecting individual devices comes from the case study of the Monero miners. The three suspects, who are actually being criminally prosecuted by Japanese police, were using a simple JavaScript snippet that was previously used by UNICEF Australia to raise funds through cryptocurrency for underprivileged children. They embedded their website with the JavaScript code and made all the systems that visited their website their source for cryptocurrency mining. So another way in which you can limit your susceptibility is by avoiding scams outright and to stop using websites that are visibly making your systems slower.
For better protective measures, you may also refer to the FTC report, which the federal agency has released just for this very purpose. If you need more cybersecurity tips to safeguard your personal devices from Cryptojacking as well as all the other prevailing threats that are around, then refer to this blog where you’ll find very brief instructions for ensuring maximum device security at personal levels.
Resources
https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking
https://www.ccn.com/monero-miners-to-see-charges-in-japans-first-cryptojacking-criminal-case/
https://www.zdnet.com/article/cryptojacking-malware-proves-a-big-winner-for-web-crooks/
