Illicit cryptocurrency mining or cryptojacking is on the rise and is now one of the most popular and fastest-growing forms of cyber-criminal activity. Increasingly, in the process of engaging with clients at Axial, we are seeing instances of cyber-criminals hijacking machines to mine crypto-currencies, writes Nathaniel Wallis, pictured, security specialist at Axial Systems.
Some cryptojacking campaigns focus on hijacking the computing resources of visitors to compromised websites. Others concentrate on hijacking computing power from corporate servers. Both are hard to detect. In the former case, it is difficult for users to ascertain that the page has a hidden mining component, especially as they are unlikely to notice any significant impact on performance. In the latter, performance across business networks will inevitably drop during an attack but most illicit activity takes place outside business hours, with the most noticeable short-term impact being higher energy bills due to increased power consumption.
Large powerful business systems are often attractive to cyber-criminals simply because they can generate high levels of power. However, mobile phones are also a viable target largely because they offer a means for these groups to hijack large numbers of devices in a single campaign.
Criminals are also lured into this kind of crime by the poor level of security on many phones. It is relatively common for many mobile phone users not to use any form of security applications or web filtering on their devices. Therefore, they are effectively not warned about suspicious activity. As a result, we have already seen examples where large numbers of Android users have effectively lent their phones to what have become known as ‘drive-by cryptojacking campaigns’.
What all these forms of cryptojacking have in common is that they allow the criminals to get someone else to do all the ‘heavy-lifting’ and incur the costs for them while they are able to walk away at the end of the process undetected but reaping the rewards of the activity done.
In short, cryptojacking is an easy, low-risk way for cyber-criminals to make money. After all, if they can get another individual’s or organisation’s computers to mine the currency, they take the onus off themselves and they no longer have to incur the significant costs of the mining process.
Even if cryptojacking is difficult to detect in the short-term, the long-term impact on the businesses whose machines have been hijacked will extend beyond higher energy bills. Once discovered, the simple realisation that someone has been using their systems over a prolonged period to mine cryptocurrencies is a bad enough setback to bear. However, organisations also need to bear in mind that mining cryptocurrency is a heavy-duty process that can result in significant wear and tear on the computing infrastructure. As a result, for the businesses affected, the knowledge that the criminals have effectively been driving the organisation’s systems into the ground, is likely to be even more galling.
The bad news is that as the popularity of cryptocurrencies increases and forms of malware proliferate, the cryptojacking threat is likely to get even worse. So how can businesses protect themselves? First and foremost, they need to ensure they are following network security best practices. Patch management is key – organisations need to implement all the latest patches as soon as they become available. This is an essential prerequisite, that is sadly neglected by many businesses but it is unlikely to be sufficient in itself.
Patching will not protect businesses against zero-day, or other as-yet unknown, threats, for example. So what additional techniques can be implemented?
From an endpoint perspective, anti-virus or anti-malware software can help protect the business. Systems that are specifically looking for anomalous behaviour are also key. Finally, it is imperative that organisations implement systems that continuously monitor the performance of their machines and their network as a whole. That’s crucial because performance management is often able to quickly identify any spikes in the way that machines are operating and therefore provide instant awareness of problems.
Systems integrators and security solution providers can play an important role here too by providing consultancy and supporting technology. They can more specifically assist customers with best practice and talk through and improve their security posture. To support that approach, they can also provide tools that help with patch management, or that are focused on prevention or monitoring, or driving optimum performance.
It’s clear that cryptojacking is the latest trend in malware and its unlikely to decline in popularity any time soon. We are seeing large-scale attacks proliferating, the approach can bring perpetrators quick rewards and it will continue to be seen as a low-risk way to make money – for the foreseeable future at least. That’s why it’s vital that organisations are prepared; that they are implementing best practice security approaches and the systems and solutions to protect themselves against cryptojacking, or as it is increasingly seen, the latest, big cybersecurity threat.
