Cryptocurrency mining is the new gold rush. There are people around the world making millions of dollars using computer hardware to run special algorithms that secure crypto networks. This new form of income generation has led to a unique type of cybercrime. It’s called cryptojacking, and it could be stealing your computing power right now without you realizing it.
How does hidden mining work?
To mine cryptocurrency, all you need is some computing power to run the specific crypto mining algorithms. These are very difficult computing problems that miners have to solve. They need to be difficult to make it impossible for attackers to create fake transactions on a blockchain network. This means that miners need fast computers and cheap electricity to run them. The faster your PC and cheaper your electricity, the more competitive and profitable you’ll be as a miner. This is why being a successful miner requires a careful balance between costs and rewards.
However, there is a simple way around this problem. You can create malicious software that infects other people’s computers and uses their computing power to mine crypto on your behalf. If you can get away with it, they are effectively paying for the computer and electricity for you. So, you can get the rewards from the mining of popular cryptocurrencies such as Ethereum without paying any of the costs yourself.
This cryptojacking software can infect a computer from many different places. Websites can run cryptojacking JavaScript code while you’re browsing their site. Pirate sites are a favorite hangout for cryptojacking software – either running on the site or hidden within files you download. Forums and sites offering movies and TV shows are also common hosts for cryptojacking.
Anti-malware software is getting better at subverting cryptojacking attacks. But, if an attacker can get hold of your CPU or GPU and access it live through an internet connection, you can be cryptojacked. You’ll be wasting your own computing resources and electricity to reward some attacker you’ve never met with cryptocurrency.
How common is cryptojacking?
Cryptojacking started as a transparent and legal way for websites to make money. Rather than have to view ads to visit a free website (the most common revenue model for free sites), some websites would ask you to mine cryptocurrency while you were browsing. The site would leave enough CPU resources for you to browse unhindered, and earn itself a small revenue from each customer. This seemed like a win-win deal until attackers caught on to the idea and started abusing it by stealing almost all of your computing resources without your permission.
According to Malwarebytes, cryptojacking is already one of the most common threats you’ll encounter online. It says, “Criminals even seem to prefer cryptojacking to ransomware.” This might be because it’s extremely profitable but much more difficult to detect. The stakes are also nowhere near as high as for ransomware, which is extremely damaging and a top priority of governments and cybersecurity organizations. Cryptojacking doesn’t really have the same potential to ruin someone’s life or business as ransomware. So, there will likely be fewer resources dedicated to fighting it.
Cryptojacking tends to get more popular during cryptocurrency booms, as it was during the crypto boom of 2017/18. Now, with the crypto boom that began in 2020, it’s thriving again. Browser-based cryptojacking saw a sudden 163% increase in detections in Q2 2020. Mining malware accounted for 41% of all malware detected in 2020. That’s a huge percentage of the malware market. It makes it the most common type of attack on the internet.
The damage from cryptojacking is a little more difficult to calculate than other attacks, such as ransomware. The costs are more subtle – mainly electricity and lost productivity due to loss of CPU time. These attacks aren’t as immediately devastating as other forms of attack. They are more of a continuous, insidious drain on an individual or organization’s resources.
How to avoid cryptojacking
You should keep all your devices updated and protect them with antivirus software. Avoid questionable websites altogether and don’t download files and software from untrusted sources.
There are also options to stop cryptojacking in particular. There are specific cryptojacking blockers available. You can install special extensions to block web mining. As many cryptojacking websites exploit your browser via JavaScript, you can disable JavaScript, too. But keep in mind that this method will disable some web functionality.
How can companies protect themselves from cryptojacking?
Cryptojacking can also cause harm to large companies. In fact, access to large cloud computing services through company accounts is the perfect way for cryptojackers to earn big bucks. There have been many high-profile examples of companies being cryptojacked. Aviva, a British multinational insurance company, was cryptojacked via its Amazon Web Services account. Even top technology companies have fallen victim to these attacks. Tesla was cryptojacked in 2018, although the damage to the company seems to have been limited.
The way for companies to avoid cryptojacking is to raise security standards and protocols. Attacks are often made through an organisation’s personnel, so each employee needs to be aware of the threats at the company level. Cloud services, such as AWS, are a common attack point, too. These services need to be constantly monitored for suspicious activity.
Conclusion
Cryptojacking is the newest way hackers are profiting at the expense of internet users. It gives them a sneaky but reliable way to make a profit without causing too much collateral damage. This has propelled the activity to become one of the most popular attacks in the world. If the prices of cryptocurrency are currently booming, you can bet there are cryptojackers everywhere looking to cash in on the upturn at your expense. Keep your personal and company cybersecurity a top priority at these times. Or, you could be stuck with a slow computer, a huge electricity bill, or massive cloud computing costs.