Cryptojacking is increasing, and we are all at risk. This cybercrime uses our devices to mine for cryptocurrency while most of us are completely unaware of its presence.
While the majority of the security world has been focused on ransomware, data breaches, and hacking, a silent threat has been lurking in the background. Cryptojacking is the illegal use of someone else’s device to mine for cryptocurrency, a practice that can go seemingly unnoticed as you continue to use your device with little to no interruption. But over time, the damages caused by cryptojacking begin to appear, and regardless of your familiarity with or connection to cryptocurrencies, you and your company are equally at risk.
This fairly new form of cybercrime began in response to the rise of cryptocurrencies, particularly those that must be “mined”. Mining is a process that uses specialized computers to solve a computational problem that confirms cryptocurrency purchases and chains them together in blocks (hence, blockchain), it adds a level of security to the entire cryptocurrency process, and it is how new “coins” are issued.
Cryptocurrency mining requires a lot of computing power, and electricity. Cryptojacking resolves this problem by using someone else’s device, server, console—or a collection of devices—to do the mining for them. The most common form of cryptojacking is to use a phishing email with a malicious link that loads cryptomining code onto a device. Other common methods include corrupting a website or ad with code that loads onto a user’s browser.
If cryptojacking is a silent threat, how do you determine that you or your device has been compromised? Some of the biggest signs of cryptojacking is a decrease in either system or network performance, or both. If your device is working much slower than normal, before taking steps to upgrade or change out aspects of your device, consider looking for cryptojacking code running in the background.
Other indicators that you have been targeted include company-wide system degradation, an increase in electricity bills, unexplained system crashes, and overheating or wear and tear of individual devices that should otherwise be in peak condition.
Cryptojacking spiked rapidly in 2017 and 2018 along with Bitcoin’s exponential rise in value. The fairly new form of cybercrime then seemingly decreased along with Bitcoin’s value, only to surge again as criminals focused on more obscure and untraceable cryptocurrencies.
A mid-year report from SonicWall indicates that there were 52.7 million registered cryptojacking attacks in just the first 6 months of 2019. Since the crime is still fairly new, criminals are developing new ways to commit it. Not only that, but the act of cryptojacking is largely undetectable, meaning criminals can walk away with money with much less risk to themselves than with other cybercrimes such as ransomware.
Protecting yourself against these increases in crime starts with education. Because many cryptojacking attacks take the form of phishing emails, train your staff to detect and report such emails. No company, whether large or small, is immune to this tactic. The Carle Foundation Hospital in Illinois suffered a data breach this year when doctor emails were compromised through a phishing scheme. While the majority of patient data was secure, this could have easily turned into a cryptojacking occurrence, with no one the wiser for several months while the code ran quietly, and undetected in the background.
While staff education is an important first step to protect your company from cryptojacking, it won’t stop infected ads or websites from penetrating your network. Using adblockers and anti-cryptomining extensions on browsers, and internet security software are all ways to keep you and your devices safe.
Awareness is the other key to protecting your business from old and new methods of cybercrime. Staying aware of the latest crimes, the increase in crimes—such as cryptojacking—and the effect each one has on your systems and devices will go a long way in keeping your business secure.