Cryptojacking is the new term in the cybercrime lexicon. Harish Chib, vice-president for Middle East and Africa at Sophos, examines what it is, and why people should be wary.
While cryptocurrency has become dinner table conversation, thanks to the likes of Bitcoin, there are many other cryptocurrencies available, such as Monero and Ethereum.
However, while the average Joe feels confident when purchasing cryptocurrency, many cyber crooks also see potential here, and are aggressively targeting laptops, desktops, servers, and even mobile devices to do the calculations needed to generate cryptocurrency.
From a single device to entire networks, they infect as many devices as they can to mine for cryptocurrency on, or while using, other people’s computers.
While cryptomining can be either legitimate or malicious, cryptojacking is purely malicious cryptomining. Cyber criminals get code onto your devices without your permission and use it to mine for cryptocurrency using your equipment and your resources – then keep all the proceeds for themselves.
A common misconception is that the sole purpose of miners is to generate cryptocurrency. It’s true that this is part of the job. However, they also have another role that is at least as important: validating transactions on the blockchain.
Blockchains introduce a new way of record-keeping. With a blockchain, the entire network, rather than an intermediary or individual, verifies transactions and adds them to the public ledger.
Although a “trustless” or “trust-minimising” monetary system is one of the goals for cryptocurrency, the financial records need to be secured, and the system must ensure that no one cheats. The miners who work on the blockchain come to a consensus about the transaction history while preventing fraud, notably the double spending of cryptocurrency.
Not all cryptomining is cryptojacking; however, it can be almost impossible to distinguish which is legitimate and which is not. For example, it’s possible for a crook to turn a legitimate mining program into a malicious one simply by changing a config file. The owner won’t notice that their resources have been “stolen” until they don’t get paid.
Also, how can you block malicious cryptojacking versus legitimate mining if they look the same?
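Because a repointed miner is the same program with a different config file, one practical check is to audit the config rather than the binary. The sketch below is an added example, not from the original article: it compares a miner config against a recorded hash and an approved list of payout targets. The JSON layout, pool URL and wallet strings are constructed assumptions.

```python
import hashlib
import json

# Constructed sample values: the JSON layout, pool URL and wallet strings are
# assumptions for this example, not any real miner's config format.
POOL = "stratum+tcp://pool.example.org:3333"
APPROVED_TARGETS = {(POOL, "WALLET-OWNER-PLACEHOLDER")}
GOOD = json.dumps({"pools": [{"url": POOL, "wallet": "WALLET-OWNER-PLACEHOLDER"}]})
TAMPERED = json.dumps({"pools": [{"url": POOL, "wallet": "WALLET-OTHER-PLACEHOLDER"}]})


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def payout_targets(config_text):
    """Return the set of (pool URL, wallet) pairs the config would pay out to."""
    cfg = json.loads(config_text)
    return {(p.get("url", ""), p.get("wallet", "")) for p in cfg.get("pools", [])}


def audit_config(config_text, approved_targets, baseline_sha256=None):
    """Return a list of findings; an empty list means the config matches."""
    findings = []
    if baseline_sha256 and sha256_hex(config_text) != baseline_sha256:
        findings.append("config hash differs from recorded baseline")
    try:
        targets = payout_targets(config_text)
    except (ValueError, AttributeError, TypeError):
        # Malformed or unexpected structure: fail closed rather than skip.
        return findings + ["config is not parseable; treat as tampered"]
    if not targets:
        findings.append("no payout target configured")
    for url, wallet in sorted(targets - approved_targets):
        findings.append(f"unapproved payout target: pool={url} wallet={wallet}")
    return findings


if __name__ == "__main__":
    baseline = sha256_hex(GOOD)
    for name, text in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, audit_config(text, APPROVED_TARGETS, baseline))
```

A hash mismatch alone only says the file changed; the payout-target comparison is what shows who would be paid.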
When it comes to stopping cryptojacking there is no silver bullet. Just like protecting yourself against ransomware, you need to take a layered approach to protection:
* Stop cryptomining malware at every point in the attack chain.
* Prevent cryptomining apps from running on your network.
* Keep your devices patched to minimize the risk of exploit-related attacks.
* Use mobile management technology to ensure that native mobile apps aren’t present on your mobile phones or tablets.
* Educate your team. Cryptomining is not an acceptable use of company resources or power. You also need to explain traditional malware attack vectors, such as phishing, and how team members can protect themselves.
* Maintain a strong password policy.
* Keep an eye out for the tell-tale signs that you’ve been cryptojacked, such as a slow network, a soaring electricity bill or a spike in CPU consumption.