Web Hosting Blog
Bitcoin … Blockchain … Cryptocurrency … and Now Cryptojacking!
I know what you’re thinking. I have nothing to do with these technologies, why should I care? As of March 2018, the market cap for cryptocurrencies surpassed $264 billion. It has become the new bullseye for cybercriminals. And the bottom line is that if you have a website, you need to know how to protect your website and visitors from hackers.
Cryptocurrency, Mining and Cryptojacking 101
Nearly everyone has heard of the surge in value of cryptocurrencies such as Bitcoin, Ethereum, Monero and Zcash. But what is the relevance of mining cryptocurrencies? How does it really affect you?
With regular money, there is a central bank that authorizes the issue of new notes. Like any man-made system, it’s prone to corruption. Enter the world of digital money, aka cryptocurrency. This is designed to be absolutely secure and anonymous.
Cryptocurrencies allow users to make secure payments without having to go through banks. They are generated through a process known as ‘mining’, or cryptomining. Transactions are verified and added to the blockchains (digital ledgers) to prevent deception, fraud, and above all, corruption.
The verification of these blockchains requires serious CPU power. This is to the extent of an entire warehouse with computers from floor-to-ceiling and also the titanic electric bill that follows. As payment for these huge costs, cryptominers are paid cryptocurrencies as fees by the merchants of each transaction.
Sounds pretty fair, right? Payment for services rendered. Well it sounds pretty fair to cybercriminals too. Minus the warehouse, minus the hardware and minus the electric bill. This is where you come in and this is therefore where cryptojacking happens.
These cybercriminals target computers, servers and networks to mine for cryptocurrency. They use your websites, computers and electricity. Therefore, you pay for the resources and they reap the financial benefits, to the tune of millions of dollars!
On April 4, 2018, an unknown hacker attacked the Verge cryptocurrency platform. The attack lasted a miniscule three hours, however it’s reported the attacker consequently stole a whopping $1,373,544. As a result, the firm has updated the system with a patch to prevent further exploitation.
How a Cryptojacker Infiltrates
There are several ways cryptojackers infiltrate a victim’s computer to secretly mine cryptocurrencies. Cryptojacking requires no download, so starts immediately and is completely unnoticeable.
The undetectable nature by which it performs makes it the new stealth bomber of the cyber threat industry. In either case, the malicious code runs stealthily on the victims’ computers. This then CPU resources and secretly mines cryptocurrencies for the hacker.
Danger to Website Owners and Their Visitors
Cryptojacking is dangerously effective. With the recent rise of Bitcoin, cybercriminals are redirecting their focus away from ransomware in favor of cryptocurrency mining. In its latest report, The U.K.’s National Cyber Security Centre emphasizes cryptojacking as a “significant” concern, likely because the report noted that 55 percent of businesses worldwide suffered from cryptomining attacks last December.
The agency added that “we assume the majority of cryptojacking is carried out by cyber criminals, but website owners have also targeted visitors to their website and subsequently used the processing power of visitors’ CPUs, without their knowledge or consent, to mine cryptocurrency for their own financial gain.”
Massive Impact of Cryptojacking
The most recent quarterly report from Comodo Cybersecurity Threat Research Lab stated: “During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominers incidents,” noting that, “cryptocurrencies have become a favorite target of cybercriminals”. The report also outlined the number of unique cryptominer variants grew from 93,750 in January to 127,000 in March, as shown below. At the same time, ransomware activity decreased 42% from 124,320 to 71,540 from January to March.
Cryptojacking definitely doesn’t require significant technical skills. According to the report from Digital Shadows, “The New Gold Rush Cryptocurrencies Are the New Frontier of Fraud”, cryptojacking kits are available on the dark web for as little as $30.
Is There a Cure for Cryptojacking?
Cryptojacking is clearly a significant concern. A user may notice a slowdown in performance. This can maybe be a sign of cryptojacking. But since this happens to most of us at one point or another, it may lead you to wonder whether you’ve been a victim. As these attacks are continuously evolving and still in their infancy, one of the better solutions would be real-time monitoring of your website. Yet who has the time or the knowledge?
Don’t count on your existing endpoint protection tools to stop cryptojacking. Crypto mining code can hide from signature-based detection tools and also, desktop antivirus tools won’t see them.
Your best bet to detecting cryptomining activity is deploying a monitoring solution.
There are a few organizations with the network and monitoring tools as well as the capabilities to analyze that information for accurate detection. One such service is cWatch Web. Human intelligence and also a team of cybersecurity analysts back the service. Protect yourself and your website with continuous monitoring and protection.