What is Cryptojacking? A Bigger Threat than You Think – Here’s Why
One of the most intriguing cybersecurity trends of the last year has been the sudden decline in ransomware. The file-encrypting attacks have accounted for only 5% of malware payloads in recent months, down from 60% in early 2017. That’s a huge shift in direction for hackers. But just as quickly as ransomware has declined, a new threat has skyrocketed: cryptojacking.
In this post, we look at what cryptojacking is exactly, how it can hurt your business and why it’s so underestimated as a cybersecurity threat.
Cryptojacking is a form of malware that illegally mines cryptocurrency on your computers. It runs quietly in the background, without the user’s knowledge, using your system resources to make money for the attackers.
If you’re familiar with cryptocurrency, then you know it’s not a physical form of currency that you can hold in your hands. It’s digital. And pretty much anybody can mine it, as long as you have enough computing power.
Crypto-miners build vast computer networks to mine the currency. But why spend all that money when you can piggyback on others’ computing resources instead?
That’s how cryptojackers operate. They hijack your company’s machines to churn out valuable cryptocurrency for themselves, and your users don’t suspect a thing.
A growing trend: ‘Cryptomining is out of control’
Cryptojacking attacks increased by 600% between January and August 2017, according to figures from IBM.
Research by Checkpoint found that 55% of organizations around the globe were impacted by illegal cryptomining in December 2017.
Malwarebytes, in its annual security report last year, wrote that “Cryptomining is out of control … By the end of 2017, basically anyone doing any kind of cybercrime was also likely dabbling in cryptomining.”
Why is cryptojacking on the rise?
The rise of cryptojacking naturally followed the skyrocketing value of cryptocurrency in 2017. As the currencies (like Bitcoin) skyrocketed, hackers saw a new window for making money.
But there’s more to it than that.
Researchers believe that ransomware development began to decline because it was no longer as lucrative, on the whole. Despite some eye-popping attacks this year (i.e. the city of Atlanta spending $17 million to recover from a $50,000 ransomware scare), attackers were overall finding it more difficult to generate reliable revenue from their attacks.
Cryptojacking, on the other hand, can quietly infect systems and generate easy money without detection. What’s more, hackers don’t need significant technical skills or money. Basic “cryptojacking kits” can be purchased on the dark web for only $30.
Businesses got smart about ransomware.
As ransomware went “mainstream” over the last few years, many organizations implemented better data backup systems and additional safeguards for preventing an infection. For ransomware developers, this lowered the chance of getting ransom payments from victims.
With Cryptojacking, however, hackers could generate more money with less risk. In an interview with CSO, one researcher explained:
“Hackers see cryptojacking as a cheaper, more profitable alternative to ransomware. With ransomware, a hacker might get three people to pay for every 100 computers infected. With cryptojacking, all 100 of those infected machines work for the hacker to mine cryptocurrency. [The hacker] might make the same as those three ransomware payments, but crypto mining continuously generates money.”
Underestimating the dangers
The general consensus about cryptojacking is that it’s less dangerous than ransomware, because no data is being destroyed. That’s technically true. Cryptojacking malware, in its current form, isn’t designed to hold your data hostage or blow up your infrastructure. After all, it’s most effective for attackers when nobody knows it’s there.
But that doesn’t mean it’s harmless, either.
The fact remains: if you have cryptomining malware on your systems, then your systems have been compromised, and there are a host of dangers you need to be aware of.
How cryptomining can disrupt your business
Cryptomining may not cause the immediate destruction of ransomware, but it still poses a serious threat. Here are some of the ways it can hurt your operations.
- Drained computing resources: First and foremost, cryptomining literally steals your processing power away from the applications your employees need every day. While cryptojacking malware varies on how it’s delivered and how taxing it is on your systems, it can significantly drain your CPU power.
- Slow system performance: The obvious result of drained computing resources is slower PC performance. Cryptomining bogs down your machines. It makes applications run slower. It eats into your bandwidth. It makes everyday tasks take much longer.
- Reduced productivity: When systems run slower, your teams aren’t as productive. Slow system performance can have a measurable impact on the tasks that your employees accomplish during the day and thus also has an impact on your bottom line.
- Drain on help desk / IT resources: Responding to PC slowness issues adds more work for your already-busy IT teams. When applications and operating systems begin running slower, it’s usually not immediately clear that cryptomining malware is the cause. It takes time to identify and resolve these issues, creating more work for IT and pulling them away from other critical tasks.
- Hardware repair and replacement costs: If malware isn’t found or can’t be removed easily, some organizations may decide to simply replace old hardware, like hard drives or entire machines. These are expenses that could be otherwise avoided if the malware had been blocked in the first place. Also, cryptomining can legitimately wear down your hardware. In one extreme example, Android cryptomining malware proved to be so taxing on the device’s processor, the battery began to burst.
- Added vulnerabilities: If your system has already been compromised, then it’s probably vulnerable to other cybersecurity threats as well. Additionally, new forms of cryptojacking could include more destructive forms of malware that would pose further security risks.
3 methods of attack
Cryptojacking malware is typically delivered via one of three ways: through your Internet browsing activity, through email or through system vulnerabilities.
- System exploits: Cryptomining is much more taxing on your systems when it’s actually running on your servers and PCs, as opposed to through a browser. This form can leverage much more of your computing power, and it usually runs nonstop as long as the machine is turned on. Hackers use exploit kids to infect your systems via known vulnerabilities within the operating systems or software.
- Email: Like ransomware, cryptojacking attacks often occur via one of the oldest and most reliable vulnerabilities: users’ inboxes. Unsuspecting users open spam email attachments, click bad links and respond to phishing attacks posed as legitimate messages. But in this case, users won’t get big popups warning “Your files are encrypted.” Instead, nothing happens at all – at least not that the user can see. But in the background, the malware payload is dropped and begins using system resources for mining.
How much money are miners making?
A lot. While there isn’t yet a ton of data on how much money is being made from cryptojacking, a few telling figures show that these attacks can be quite lucrative.
Remember, it’s in the miner’s best interests to deploy cryptomining as part of a botnet – a large network of computers around the world. More computers = more mining. That was certainly the case for the Smominru crypto botnet, which exploited more than a half-million servers across Russia, India, Taiwan and other countries. Cybersecurity researchers at Proofpoint estimated that the operation netted as much as $3.6 million for the attackers.
How to protect your business
So, how do you stop your systems from being bogged down by the malware? Here are some relatively simply preventative measures, which you should already be doing:
- Antimalware solutions: Be sure to invest in business-grade endpoint antimalware protection, which can prevent most attacks from occurring, whether they originate via email or web.
- Patch your systems: Patching and updating your O/S, software and firmware will fix known vulnerabilities that could be exploited by cryptojacking attackers.
- Train employees: Conduct ongoing cybersecurity training that explains to employees the risks of malware infections and how to properly use email and web to prevent an attack. Emphasize steps for identifying suspicious emails and handling messages from unknown senders.
- Block ads: Additional ad-blocking tools, if not already included in your antimalware solution, can help to reduce the risk of cryptojacking attacks through infected online ads.
- Back up data: Instabilities caused by cryptojacking malware can lead to data loss, especially if applications are constantly crashing. Make sure you’re backing up files regularly with a dependable data backup system.
Not just a nuisance
Cryptojacking may be merely a “nuisance” for end users, but the reality is that it poses a threat to your business like any other malware does. By bogging down your systems, it’s hurting your company’s productivity, system stability and your bottom line.
The rate of these infections will likely continue to rise as hackers move away from other, less lucrative forms of attack. Taking the right precautions now will greatly reduce the risk of your organization being infected.
Upgrade your data protection today
Business continuity solutions from Datto can minimize the risk of data loss and downtime after a cybersecurity disaster. Request a free demo today or contact the BC/DR experts at Invenio IT by calling (646) 395-1170 or emailing [email protected].