Rules Navigator

What you need to know about cryptojacking and how to prevent it

Photo: Adobe Stock Images

Robert Hawk

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Global Relay’s security expert Robert Hawk shines a light on cryptojacking as C-suite concerns about cyber security rise.

Most people would recognize the word carjacking. It’s a crime that’s as old as cars themselves- even older if you include highway robbery.

But how many people know about its digital equivalent, cryptojacking? It may not be as physically violent as carjacking, but it can have equally devastating and more far-reaching consequences.

Cryptojacking involves someone hacking into another person’s digital device in order to mine and/or steal cryptocurrency. With crypto prices rising and falling at meteoric rates, cryptojacking incidents are on the rise, and it’s a threat that organizations can no longer ignore.

What is cryptojacking and how does it work?

Mining crypto incurs large resources and overheads in the form of electricity bills and hardware. The computers carrying out the mathematical calculations required to mine Bitcoin use more than 73TWh of energy a year.

Cybercriminals typically hack into devices and install cryptojacking software that, undetected by the main user, mines for crypto or steals it from wallets. Their unsuspecting victims continue to use their devices normally.

Tactics can include enticing a victim to click on a malicious link in an email that loads crypto-mining code onto a device, to infecting a website or online ad with code that auto-executes when it’s loaded onto a browser.

The code does the complex mathematical calculations required to mine cryptocurrency and sends the data to servers controlled by cybercriminals. Any fees generated go straight into criminals’ digital wallets.

Impact on the victims

While cryptojacking doesn’t damage victims’ devices or data, it does steal their computer processing resources and saddle them with large and unexpected electricity bills. Any organizations targeted in this way also incur costs through using their IT teams to track down and rectify performance issues; this can be hard and expensive to do if the script is capable of infecting other devices and servers on a network, making it more difficult to identify and remove.

If cryptojacking goes on for long enough, without an organization realizing that it’s happening, it can help criminals to identify compromised devices and use them to launch other, even more damaging attacks.

As Interpol says, “Cryptojacking might seem like a harmless crime, since the only thing ‘stolen’ is the power of the victim’s computer, but the use of computing power for this criminal purpose is done without the knowledge or consent of the victim, for the benefit of the criminal who is illicitly creating currency.”

Have you been cryptojacked?

Cryptojacking can be difficult to detect as it’s designed to stay hidden on people’s devices. But there are three signs that your computer or phone has been infiltrated to watch out for:

  • Decreased performance: This is a key indicator of cryptojacking, so be alert to your systems slowing down. If your device is running slowly, crashing, performing unusually poorly, or draining its battery more quickly than usual, it could have been targeted.
  • Overheating: Cryptojacking uses a lot of resources and can cause devices to overheat, damaging them and shortening their lifespan. Watch out for your device’s fan running more quickly than usual.
  • Central Processing Unit (CPU) usage :When you’re visiting a website that has little or no media content, an increase in CPU usage could mean that a cryptojacking script is running. Checking your device’s CPU usage with its Activity Monitor or Task Manager can be useful here, but remember that cryptojacking scripts can be disguised as a legitimate activity.

Protect yourself against the cryptojackers

The best practices that apply to cybersecurity in general can help you to detect and combat cryptojacking. These include:

  • Use a good cybersecurity program and install it before you fall victim to the cryptojackers. Make sure that you install the latest software updates and patches, particularly those for web browsers
  • Keep up to date with the latest cryptojacking trends and cybersecurity threats so you’re better equipped to detect and avoid them
  • Use browser extensions that block cryptojacking
  • Use ad blockers to block malicious code that has been hidden in online ads
  • Disable JavaScript to prevent cryptojacking code from infecting your device, although this can also block legitimate functions
  • Block pages that are known to deliver cryptojacking scripts by only visiting carefully-vetted websites.
, , ,

You may also like