What is Cryptojacking? It’s a Bigger Threat than You Think – Here’s Why
Cryptocurrencies have presented a unique opportunity for investors, businesses, and the general public, but they’ve also created a vulnerable space for corruption and criminal activity. Many hackers and cyber attackers have shifted their attention from risky but profitable ransomware attacks to a slower and steadier stream of income through cryptojacking, which involves illegally mining cryptocurrency from individual and business devices.
Even as the price of cryptocurrency continues to fluctuate, the frequency of cryptojacking attacks has skyrocketed, and it shows no signs of slowing anytime soon. SonicWall’s 2023 Cyber Threat Report revealed that there were 139.3 million cryptojacking attacks in 2022, a 43% increase over the prior year and a 142.3% increase since 2018. The growing attack volume was particularly shocking in some regions, such as Europe, where attacks grew by 549% in one year. In contrast, ransomware attacks declined by 21% and malware attacks increased by only 2%.
Why is cryptojacking on the rise as other forms of cyberattacks have declined? In this post, we’ll unravel the answer to that question, explore how cryptojacking can hurt your business, and help you develop a plan to protect your systems from criminal actors.
What Is Cryptojacking?
Also known as malicious cryptomining, cryptojacking is a form of malware that illegally mines cryptocurrency on your computers. It runs quietly in the background, without the user’s knowledge, using your system resources to make money for the attackers.
If you’re familiar with cryptocurrency, then you know it’s not a physical form of currency that you can hold in your hands. It’s entirely digital, and pretty much anybody can mine it as long as they have the necessary technical skills and enough computing power. Successful cryptominers build vast computer networks to mine currency, but why spend all that money when you can piggyback on others’ computing resources instead?
That’s how cryptojackers operate. They hijack your company’s machines to churn out valuable cryptocurrency for themselves, and your users don’t suspect a thing. Whereas ransomware gangs proudly announce their attacks, cryptojacking is stealthy. The goal is for an attack to go undetected while the hacker uses your system to silently mine and transfer cryptocurrency into their own accounts.
On the surface, this type of criminal activity seems rather innocuous, especially in comparison to other cyberattacks that can disable essential systems and shut down businesses for months at a time. However, cryptojacking has the potential to cause significant damage to your operations and is often part of a bigger system of exploitation and crime.
How Does a Cryptojacking Attack Happen?
Cryptojacking malware is typically delivered in one of three ways: through your Internet browsing activity, through email, or through system vulnerabilities. Let’s dig into how each of these attacks manifests in your computer systems.
Cryptomining is much more taxing on your systems when it’s actually running on your servers and PCs as opposed to through a browser. This form can leverage much more of your computing power, and it usually runs nonstop as long as the machine is turned on. Hackers use exploit kits to infect your systems via known vulnerabilities within your operating systems or software. A 2022 report from Kaspersky found that one in seven cyberattacks that exploited known vulnerabilities included miner infections.
Like ransomware, cryptojacking attacks often occur via one of the oldest and most reliable vulnerabilities: email inboxes. Unsuspecting users open spam email attachments, click bad links, and respond to phishing attacks posing as legitimate messages. Unlike ransomware, users won’t get big popups warning them that their files have been encrypted. Instead, nothing happens at all, at least not that the user can see.
In the background, the malware payload is dropped and begins using system resources for mining. This represents one of the greatest risks of cryptojacking. It operates in secret, causing massive damage before victims even realize that they’ve been attacked. Even if a user recognizes that the message was an attempted scam, they may assume that since there was no visible outcome, no harm was done. Unbeknownst to them, the cryptojacking activity continues to run as they go about their other tasks.
How Common Is Cryptojacking?
Cryptojacking usually doesn’t earn the same headlines or attention as ransomware, largely because the payouts are smaller and the attacks themselves are subtler. It’s important not to interpret the lack of news stories as proof that the cryptojacking threat no longer exists. In reality, the opposite is true.
Malicious cryptomining is a reliable business for online criminals, and many organizations are unaware of just how severe the threat has become. According to Kaspersky, during the third quarter of 2022, the number of new mining variants more than tripled over the prior year, resulting in a record-breaking total that exceeded 150,000.
Cryptojacking has become so commonplace that some ransomware gangs have shifted the focus of their operations partially or entirely to illegal mining. For example, the operators of the well-known ransomware AstraLocker publicly declared that they would cease their ransomware operations and instead invest their energy exclusively in cryptojacking.
Major government agencies have also raised the alarm about cryptojacking activity. Organizations like Interpol, the Cybersecurity and Infrastructure Security Agency (CISA), and the United States Justice Department have all released recommendations and warnings for businesses and individuals that might be affected by illegal mining.
Why is Cryptojacking on the Rise?
The early rise of cryptojacking naturally followed the skyrocketing value of cryptocurrency in 2017. As currencies like Bitcoin exploded, hackers saw a new window for making money. But while cryptocurrency has been relatively unstable in the years since, cryptojacking has continued to rise. Understanding the full context of cryptojacking helps clarify this seeming discrepancy.
Consistent Revenue Streams
Ransomware has seen a recent decline, largely because it’s such a risky prospect. Widespread government attention has put a laser focus on ransomware gangs, and many organizations have become more reluctant to submit to ransom requests. These changes have made it more difficult for bad actors to generate a constant stream of revenue through ransomware alone.
Cryptojacking, on the other hand, can quietly infect systems and generate easy money without detection. What’s more, hackers don’t need significant technical skills or money. Basic cryptojacking kits can be purchased on the dark web for a few dollars. As a result, although cryptojacking doesn’t have massive payouts like ransomware, the profit margin is high.
Ransomware has become mainstream, with every organization from hospitals and healthcare facilities to public schools and colleges recognizing the risk level at hand. In response, many organizations have implemented better data backup systems and additional safeguards for preventing infections. For ransomware developers, this lowered the chance of getting ransom payments from victims.
With cryptojacking, however, hackers could generate more money with less risk. Cryptominers have also gained access to a wide range of software and devices that businesses may not think to protect. For example, Google’s Cybersecurity Action Team found that 86% of compromised cloud instances in a 2021 study were used for cryptocurrency mining.
In other words, cryptojacking is not only a threat to your desktop computers, but also to your laptops, smartphones, cloud resources, and IoT devices. While businesses may have established full-scale protection for their primary systems, they may not have extended the same measures to other vulnerable points of attack, leaving them exposed to money-hungry cyberminers.
The general consensus about cryptojacking is that it’s less dangerous than ransomware because no data is stolen or destroyed. That’s technically true. Cryptojacking malware, in its current form, isn’t designed to hold your data hostage or blow up your infrastructure. After all, it’s most effective for attackers when nobody knows it’s there.
The mistake lies in assuming that, because it’s less dangerous than ransomware, cryptojacking is harmless. The fact remains: if you have cryptomining malware on your systems, then your systems have been compromised, and there are a host of dangers that can cause long-lasting harm to your business operations.
How Does Cryptojacking Affect Businesses?
Cryptomining may not cause the immediate and overwhelming destruction that ransomware has been capable of achieving, but it still poses a serious threat. Here are some of the ways it can hurt your operations:
- Drained computing resources: First and foremost, cryptomining literally steals your processing power away from the applications your employees need every day. While cryptojacking malware varies on how it’s delivered and how taxing it is on your systems, it can significantly drain your CPU power.
- Slow system performance: The obvious result of drained computing resources is slower PC performance. Cryptomining bogs down your machines, makes applications run slower, eats into your bandwidth, and makes everyday tasks take much longer.
- Reduced productivity: When systems run slower, your teams aren’t as productive. Slow system performance can have a measurable impact on the tasks that your employees accomplish during the day and thus also has an effect on your bottom line.
- Drain on help desk and IT resources: Responding to PC slowness issues adds more work for your already busy IT teams. When applications and operating systems begin running slower, it’s usually not immediately clear that cryptomining malware is the cause, and the time required to identify and resolve these issues creates more work for IT and pulls them away from other critical tasks.
- Hardware repair and replacement costs: If malware isn’t found or can’t be removed easily, some organizations may decide to simply replace old hardware, like hard drives, servers, or entire systems. These are expenses that could be otherwise avoided if the malware had been blocked in the first place.
- Hardware damage: Cryptomining can also legitimately wear down your hardware. When cryptojacking processes are running, they can cause a device to overheat and shorten its lifespan.
- Added vulnerabilities: If your system has already been compromised, then it’s probably vulnerable to other cybersecurity threats as well. Additionally, new forms of cryptojacking could include more destructive forms of malware that would pose further security risks.
If these reasons aren’t enough motivation to protect yourself from cryptojacking, consider that when your system is used for malicious mining, you are helping to line the pockets of a criminal enterprise.
How Much Money Are Miners Making?
The short answer to this question is: a lot. While there isn’t exhaustive data on how much money is being made from cryptojacking, a few telling figures show that these attacks can be quite lucrative.
Research by Kaspersky found that the average cryptojacker targeting Bitcoin in 2022 earned around $1,600 per month, but this excludes cryptomining activity on other currencies. They identified much larger transactions as well, such as one Bitcoin wallet that received cryptojacking revenues worth $34,000 in a single month.
It’s also important to recognize that while individual cryptojacking transactions may yield small amounts of money, they are often part of a much larger operation. Remember, it’s in the miner’s best interests to deploy cryptomining as part of a botnet, a large network of computers around the world. More computers = more mining and more money for the cyberminers.
How Can Businesses Protect Themselves from Cryptojacking?
Once you have a full understanding of how cryptojacking works and why it’s such a significant threat, the next logical question is how to stop cryptomining malware from bogging down your systems. These relatively simple preventative cybersecurity measures will help protect you from cryptojacking and other threats:
- Antimalware solutions: Be sure to invest in business-grade endpoint antimalware protection, which can prevent many attacks from occurring. Whether threats originate via email or the web, a quality malware detector will identify them before they become a bigger problem.
- Patch your systems: Patching and updating your operating systems, software, and firmware will fix known vulnerabilities that could be exploited by cryptojacking attackers. To stay fully up-to-date and minimize your risk, install newly released patches as soon as they’re available.
- Train employees: Conduct ongoing cybersecurity training that explains to employees the risks of malware infections and how to properly use email and the web to prevent an attack. Emphasize steps for identifying suspicious emails, avoiding malicious links and downloads, and handling messages from unknown senders.
- Block ads: Additional ad-blocking tools, if not already included in your antimalware solution, can help to reduce the risk of cryptojacking attacks through infected online ads. It may also be beneficial to install a specialized program designed to block mining activities in open browsers.
- Back up your data: Instabilities caused by cryptojacking malware can lead to data loss, especially if applications are constantly crashing. Make sure you’re backing up files regularly with a dependable data backup system.
Even if you take all of these steps, there’s still a chance that you will fall victim to a cryptojacking attack. If you notice that your devices have become sluggish, are overheating, or are experiencing poor battery performance, immediately close open browsers and run a scan of your system.
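The symptoms above can be checked across a fleet rather than one machine at a time. The following is an added example, not part of the original article: it separates a process that holds high CPU nonstop, the pattern described earlier for miners running directly on a machine, from normal short bursts. The host names, process names, thresholds, and telemetry are constructed for illustration, and a hit is a reason to investigate, not proof of mining.

```python
from collections import defaultdict

# Constructed sample telemetry: (minute, host, process, cpu_percent).
# Host and process names are invented for illustration.
def build_samples():
    samples = []
    for minute in range(0, 240, 5):          # four hours at 5-minute intervals
        # Unknown binary pinned near full CPU for the whole window.
        samples.append((minute, "ws-014", "sysupd-helper", 93 + minute % 4))
        # Backup job: heavy, but only for a 30-minute window.
        backup = 88 if 60 <= minute < 90 else 1
        samples.append((minute, "ws-014", "backup-agent", backup))
        # Browser: bursty, never high for long.
        samples.append((minute, "ws-022", "browser", 85 if minute % 30 == 0 else 12))
    return samples


def longest_high_run(points, threshold, interval):
    """Longest stretch (in minutes) of consecutive samples at or above threshold."""
    best = run = 0
    prev = None
    for minute, cpu in sorted(points):
        # A missing sample breaks the run, so gaps are not counted as load.
        contiguous = prev is not None and minute - prev == interval
        if cpu >= threshold:
            run = run + interval if (run and contiguous) else interval
            best = max(best, run)
        else:
            run = 0
        prev = minute
    return best


def find_sustained_cpu(samples, threshold=80, min_minutes=120, interval=5):
    """Return {(host, process): minutes} for processes holding high CPU nonstop."""
    series = defaultdict(list)
    for minute, host, process, cpu in samples:
        series[(host, process)].append((minute, cpu))
    flagged = {}
    for key, points in series.items():
        minutes = longest_high_run(points, threshold, interval)
        if minutes >= min_minutes:
            flagged[key] = minutes
    return flagged


if __name__ == "__main__":
    for (host, proc), minutes in find_sustained_cpu(build_samples()).items():
        print(f"{host}: {proc} held >=80% CPU for {minutes} consecutive minutes")
```

Lowering `min_minutes` widens the net to legitimate heavy jobs such as the backup agent in the sample data, so tune it against a baseline of known workloads.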
What’s the Future of Cryptojacking?
Cryptojacking may be merely a “nuisance” for end users, but it poses a threat to your business just like any other malware does. By bogging down your systems, it hurts your company’s productivity, system stability, and bottom line.
The rate of these infections will likely continue to rise as hackers move away from less reliable forms of attack that are receiving more of the media spotlight. The use of cryptojacking is also closely intertwined with the power and prevalence of cryptocurrencies. As crypto becomes a more widely accepted form of payment, cryptojacking criminals will find further opportunities for exploitation and profit. Taking the right precautions now will greatly reduce the risk of your organization being infected in the future.
How Can Businesses Learn More?
In the already complex world of cybersecurity, cryptojacking serves as one more unwelcome complication. From damaging your hardware to reducing your operational efficiency, unauthorized cryptomining is a drain on your finances and your time. Implementing a comprehensive security plan that includes protection against all forms of malware is an important step toward protecting your business’s interests. Equally important is investing in a reliable and reputable backup solution that ensures your data is safe in the event that a system overburdened by cryptojacking activity unexpectedly crashes.
To learn more about how to guard your business against cryptojacking and other types of cyberattacks, reach out to Invenio IT. With a team of disaster recovery and business continuity experts, Invenio IT can advise you on what policies and procedures will be most effective in preventing data loss and shortening periods of downtime due to cryptojacking or other cybersecurity events. While you’re at it, get a firsthand look at a high-quality data backup system by booking a free demo of the best backup solutions in the industry.