Author: Aryeh Danon, Data Security Department Manager at Abnet Communications, distributing Sophos solutions in Israel.
Hackers have discovered a new way to take advantage of your computers without asking for your permission: cryptojacking. If your computer or mobile device has recently slowed down, or if your computer has been working extra hard lately, it could mean that it is being used by cyber criminals to mine cryptocurrency.
Cryptojacking has been making headlines in recent months. A report published at the end of October by the Cyber Threat Alliance (CTA) suggests that damage caused by cryptojacking has increased by more than 400% since last year.
What is Cryptojacking?
In order to understand cryptojacking, it is necessary to first understand cryptomining. Cryptomining is very similar to gold mining. As with gold, there are millions of crypto coins in the world, but some of them are not yet available. Miners extract those by solving algorithmic problems with very powerful computing. The minute the coins are approved, the miner receives their reward.
Cryptomining becomes cryptojacking when this process is conducted in an illegal and unauthorized manner. All cyber criminals have to do in order to profit from cryptomining is steal computing power from users. Instead of relying on server farms, they create their own farms, without authorization, out of an astonishing number of computers and personal devices that do not belong to them and are located in various places around the world. Cyber criminals infect computers, servers and mobile devices with malware without the owners’ awareness.
How does infection occur?
There are two ways in which cryptojacking takes place: through the browser and through installation of malware on the machine itself. With the browser method, cyber criminals hack into web servers and inject browser-based cryptomining code, which mines for coins whenever the website is visited. A recent example of this was seen in the infection of American, British and Australian government computers with cryptomining code via the browser. The specific browser’s intention was to provide a service that reads website content for users who do not have a command of the English language.
The bad news for consumers is that cryptojacking by browser is platform agnostic. This means that all devices, including mobile phones, can be compromised. We’ve witnessed mining software that was added to popular platforms such as Netflix and Instagram, and recent reports mention cellphones that were physically compromised by cyber criminals.
The good news is that browser-based mining malware does not harm your systems in any way besides exhausting them. The malware could slow down your computers and devices, and this may very slightly increase your electric bill. The fact that the entire malware is saved in the browser itself ensures that criminals cannot get access to your data.
On the other hand, cyber criminals can also hack into the consumer’s network and directly install mining software on the device itself for the purpose of stealing electricity and computing power. The mining software installed in this case is a more tangible threat. Beyond taking advantage of your electronics’ power supply, the devices are also hacked. If a hacker can install mining software, they may well be able to install other malware, such as ransomware.
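For site owners, one check against the injection scenario described above, as an added example that is not part of the original article: it lists the script tags in a page that load from hosts outside an allowlist, or from third-party hosts without a Subresource Integrity attribute. The host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumptions: the site's own host and the script hosts it trusts.
PAGE_HOST = "www.example.org"
ALLOWED_SCRIPT_HOSTS = {"www.example.org", "cdn.example.org"}

# Constructed sample page; the last tag stands in for an injected script.
SAMPLE_PAGE = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.org/reader.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.example.org/widgets.js"></script>
<script src="//unknown-host.example.net/m.js"></script>
</head><body>Welcome</body></html>
"""

class ScriptAuditor(HTMLParser):
    """Records external <script> tags that a site owner should review."""

    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.page_host = page_host
        self.allowed_hosts = allowed_hosts
        self.findings = []  # list of (src, reason)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag != "script" or not src:
            return  # inline scripts need a separate review (e.g. file diffing)
        # Relative URLs have no hostname and therefore load from the page's host.
        host = urlparse(src).hostname or self.page_host
        if host not in self.allowed_hosts:
            self.findings.append((src, "host not on allowlist"))
        elif host != self.page_host and not attrs.get("integrity"):
            self.findings.append((src, "third-party script without integrity attribute"))

def audit_scripts(html, page_host=PAGE_HOST, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (src, reason) pairs for every script tag that needs attention."""
    auditor = ScriptAuditor(page_host, allowed_hosts)
    auditor.feed(html)
    return auditor.findings

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_PAGE):
        print(f"REVIEW {src}: {reason}")
```

The integrity attribute matters here because it makes the browser refuse a third-party script whose content no longer matches the hash the site owner pinned.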
Cyber criminals attack everyone via cryptojacking. A study conducted by Sophos reveals that cyber criminals use the same cryptojacking tactics against businesses, workers and domestic consumers.
What can be done if mining software was installed on my system?
As mentioned, if your computer or mobile device is slower than usual, this could mean you are a victim of cryptojacking. The mining software creates this physical reaction in your devices. In this case, there is no single specific action to take in order to stop the process, but good data security could be an excellent line of defence for preventing these situations:
- Update your installed software frequently by applying security patches.
- Install software only through authorized sources.
- Do not open or click on links if you do not know their source.
- Create strong and complex passwords, and do not share them with anyone.
- Enable two-factor authentication (2FA) when possible.
- Regularly back up your data and keep an off-site copy.
- Secure your computers and network with advanced data security solutions.