Phil Richards, CSO, Ivanti, discusses the growing threat of cryptojacking, what it means for the landscape of enterprise security solutions and what organisations need to do in order to face the problem head-on.
As we look back at 2018, one of the major topics and trends that dominated the news headlines was cryptocurrency. The digital currency has hardly been out of the news over the last couple of years, as its easy-to-use mobile app attracted many young and amateur investors and its dramatically fluctuating values created millionaires but also bankrupted investors. In January 2017, Bitcoin was valued at US$852 and by the end of the year it was worth US$17,132. Now, at the time of writing, it sits at US$3,844.
Their ever-changing value means that many view cryptocurrencies negatively. However, they are still popular investments, and it comes as no surprise that there are many malicious actors trying to profit from their popularity without having to put any collateral forward themselves. The WannaCry attack of 2017, when files were encrypted until a Bitcoin ransom was paid, was one of the first high-profile cyberattacks that involved cryptocurrency. This attack was major news, but there is another, far subtler threat involving cryptocurrency that has become more prevalent and dangerous: cryptojacking.
The ABC of cryptojacking
Cryptojacking is defined as a form of cyberattack that uses devices to mine cryptocurrency without the consent or knowledge of the user. This type of attack has two forms, both of which use the power of a computer's central processing unit (CPU) to mine for cryptocurrency on the hacker’s behalf. The first form is similar to traditional malware such as WannaCry: cryptocurrency miners are hidden in software that a user would download onto their device, such as an app or a programme update like Adobe Flash.
Once downloaded, the miner will run in the background of a computer and mine cryptocurrency without ringing any alarm bells for the user. The second method is less intrusive and doesn’t require the user to download anything for their device to become affected. This is known as ‘drive-by’ cryptojacking and operates while a user has a webpage infected with a mining script open in their device’s browser.
The main challenge with a cryptojacking attack is that the practice does not steal cryptocurrency but instead generates it, making cryptojacking unlike other forms of financial cybercrime. The result is that cryptojacking often remains under the radar.
However, cryptojacking can do serious damage: the power a CPU needs to generate cryptocurrency costs more than the value of the currency generated, so the user ends up with a hefty energy bill. It’s no surprise that there was a 459% rise in reported incidents of cryptojacking between 2017 and 2018.
The cost of cryptojacking
Cybercriminals have certainly taken advantage of the fact that cryptojacking attacks are more difficult to identify and provide the cybercriminal with a level of protection.
While Monero, the most popular cryptocurrency to mine, uses a public ledger much like other currencies, it is encrypted to the point where it is impossible to tell the source, amount or destination of the currency.
This makes cryptojacking a popular choice for hackers because it grants them a certain level of anonymity and safety, and it could be the reason why cryptomining has overtaken ransomware as the most popular method of cyberattack.
The costs associated with cryptojacking are passed on to the user as it is their device putting in the processing power. The effects of cryptojacking are usually obvious, with users noticing issues such as overactive fans, sudden sluggishness or a drastically reduced battery life, due to the vast amount of processing power needed to mine cryptocurrency.
While these symptoms are noticeable, they are often not enough to prompt action from the user, especially while the device is still functional. However, even though a device may not be immediately affected by this sudden exertion, it can result in long-term problems and eventually destruction.
Cryptojacking can also be very costly to the unsuspecting user. For example, the cryptocurrency miner Coinhive was responsible for using 1.212 kWh of electricity while running on a desktop computer for 24 hours.
To put this into perspective, the average cost of electricity in the UK is 14.37p per kWh according to UK Power, making the financial cost of this attack 17.42p per day or £5.22 per month. Therefore, the unwitting owner of an infected device could face a real financial cost.
Prevention over cure: what can be done?
The cost of cryptojacking for one computer might seem minimal, but scaled up to a company with thousands of computers that could be hijacked, the cost is no longer so small. As well as slow and hard-to-use computers negatively affecting employee productivity, the company's energy bill would also sky-rocket. Therefore, businesses need to focus on preventing a cryptojacking attack before it has the chance to take hold.
Organisations must take care to train their employees on how best to behave in the cyberenvironment, such as ensuring they do not open attachments in suspicious emails or click on any potentially harmful links online. Slip-ups are common so businesses could also ensure employees download browser plug-ins that will block malicious pop-ups and hijack attempts.
Companies themselves must also take precautions, by investing in technology that will allow IT teams to effectively monitor the devices on the entire enterprise network and assess them for suspicious activity, such as a sudden increase in power consumption. As well as prevention, businesses must be prepared to deal with an attack when one does infiltrate the system and remove the threat in the quickest possible way with limited downtime.
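One way to express the "sudden increase in power consumption" check described above, as an added example that is not from the article or from any Ivanti product. The device names, hourly wattage readings, baseline window and thresholds are constructed assumptions; only the 14.37p per kWh price is taken from the article.

```python
from statistics import median

# Constructed hourly power readings in watts per device (not real telemetry).
SAMPLES = {
    "desk-01": [62, 58, 65, 60, 61, 59, 63, 60, 118, 121, 119, 122, 120, 117],
    "desk-02": [55, 57, 54, 56, 58, 55, 110, 56, 57, 55, 54, 56, 57, 55],
    "desk-03": [70, 72, 69, 71, 73, 70, 72, 71, 74, 70, 72, 73, 71, 70],
}
PENCE_PER_KWH = 14.37  # UK average price quoted in the article


def sustained_rise(readings, baseline_n=8, factor=1.5, min_run=4):
    """Return (start_index, baseline_watts) for a sustained rise, else None.

    The baseline is the median of the first `baseline_n` readings, so a single
    spike inside that window does not distort it. A rise only counts when
    `min_run` consecutive later readings exceed baseline * factor, which
    separates a miner running for hours from a short burst of legitimate work.
    """
    if len(readings) < baseline_n + min_run:
        return None  # not enough history to judge
    baseline = median(readings[:baseline_n])
    threshold = baseline * factor
    run = 0
    for i in range(baseline_n, len(readings)):
        run = run + 1 if readings[i] > threshold else 0
        if run >= min_run:
            return i - min_run + 1, baseline
    return None


def review_fleet(samples):
    """Map each flagged device to when the rise began and what it has cost."""
    findings = {}
    for host, readings in samples.items():
        hit = sustained_rise(readings)
        if hit is None:
            continue
        start, baseline = hit
        # Hourly samples: watts above baseline sum to Wh, then convert to kWh.
        excess_kwh = sum(r - baseline for r in readings[start:]) / 1000
        findings[host] = {
            "start_hour": start,
            "excess_kwh": round(excess_kwh, 3),
            "excess_pence": round(excess_kwh * PENCE_PER_KWH, 2),
        }
    return findings


if __name__ == "__main__":
    for host, finding in review_fleet(SAMPLES).items():
        print(host, finding)
```

A device that was already mining during the baseline window would not be flagged by this check, so the baseline is best taken from a period when the device is known to be clean.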
Implementing effective and layered cybersecurity infrastructure can incur a large initial investment for a company, but will be cost efficient in the long-term as it could save countless hours of lost productivity, not to mention the financial cost behind saving and repairing affected equipment.
Cryptojacking will arguably be a preferred method of attack for hackers as long as it remains a profitable activity. It is possible that the fluctuating cryptocurrency market will drive hackers away because there is no longer a financial incentive. Bitcoin, for example, has decreased in value by US$10,327 so far this year and if this trend continues, the financial return will no longer be viable for malicious actors.
However, businesses and individuals still need to be proactive when protecting against this form of attack. Individual users can take steps to protect themselves from becoming a mining mule by being careful online, and organisations can invest in a proper cybersecurity infrastructure and training for their teams to make sure they are properly prepared for an incident and understand the cryptojacking warning signs.