Cryptojacking is the unauthorised use of someone else’s computer to mine cryptocurrency. Under this umbrella, the most insidious form is ‘cryptomining’, which utilises malware to turn an unsuspecting user’s device into a full-time cryptocurrency mining bot.
Cryptomining is thought to consume almost half a percent of the world’s overall electricity consumption, meaning that affected parties are not only at risk of having their data compromised by malware, but are footing enormous bills for energy costs. Around 60% of the cost associated with mining bitcoin (legitimately or otherwise) is spent on energy consumption, and the only way for cyber criminals to make a lucrative business out of it is to fob their losses off on unsuspecting computer users.
One of the main reasons cyber criminals are turning to cryptojacking is because malware and ransomware are becoming less lucrative, as organisations and businesses become better at bolstering their security efforts. According to the latest data, malware attacks over non-standard ports dropped by a staggering 54.2% between July and October 2019, whilst overall malware volume during the same period decreased by 15% and ransomware attacks experienced a 5% drop.
A guide to cyber attacks: Malware – Part 1
Before July, desperate cybercriminals had amped up ransomware attacks to 195% more than the previous quarter. SonicWall observed that this was because cybercriminals were getting less money from each attack, and were desperate to squeeze as much as they could from the dying trend before moving onto the next thing.
Another reason cyber criminals are turning to cryptojacking is simply because, after a tenuous 2018 where it looked as though the entire crypto market was going to crash on the back of Bitcoin’s downward spiral, cryptocurrency is on the rise once again. Bitcoin experienced a mid-year surge over the summer after prices for it and other cryptocurrencies had fallen to an all-time low in late 2018. Bitcoin’s surge, in turn, drove up the price of Monero, an alt coin currency which is specifically relied upon by cyber criminals because it can’t be publicly tracked. As a result, cryptojacking volume soared to 52.7 million over a six month period.
What are the risks?
Simply put, crypto jackers are interested in an organisation’s ability to throughput huge amounts of processing power as well as the prospect of making a profit from (mostly) untraceable illegal activity. How much of a business’s resources are compromised depends on the particular criminal’s objectives? On the one hand, siphoning enough power to operate a low-level criminal operation makes it harder for unsuspecting users to notice. On the other, stealing large amounts of power maximises profits in the short term. Either way, the pain points for organisations suffering this kind of attack are significant.
AI: A new route for cyber-attacks or a way to prevent them?
Even if a coin which has previously been used by cyber criminals is defunct (like Coinhive, whose URL was abandoned in March this year), the foundation malware still lives in a company’s IT systems and can continue being used by malicious authors in the future. Enterprise administrators may look for unknown processes in their environment, and end-users on Windows should spawn a Sysinternals Process Explorer to see what they are running. Linux and macOS users should investigate using System Monitor and Activity Monitor, respectively, for the same reason.
As always, the best way to defend against any kind of cyber attack is to stop malware at the gateway, either through firewalls or email security. If, however, the malware strain is new – mutated like a biological virus or combined with something else in a “malware cocktail” – it will be able to bypass static filters in email security and break through the “inoculation” software which acts as the first line of defence. In this case, the best option is Capture ATP (Advanced Threat Protection), a type of software which has the ability to detect unknown files at the gateway, sandbox them and force them to execute in order to inspect their true nature and let them through or block them accordingly.
Depending on a particular organisation’s set up, it may also be necessary to deploy an endpoint security product that includes behavioural detection. This entails installing a behavioural-based antivirus which detects whether an affected system wants to mine coins before shutting down the operation completely. An administrator then needs to quarantine and delete the malware or, in the case of something that does damage to system files, roll the system back to the last known good state before the malware executed. By combining a mixture of perimeter defences and behavioural analysis, organisations can fight the newest forms of crypto mining malware no matter what trends there are in the crypto market.