The trend toward cryptojacking: What it is and how businesses can prevent it

Digital attacks have evolved quite a bit in recent years. First, businesses and researchers observed a rash of ransomware, wherein encryption was exploited to lock users out of their data and files in an attempt to collect financial ransom.

Now, the next big wave in cybercriminal strategy has come, involving increasingly popular cryptocurrencies and the ability to leverage the computer power of unknowing users’ systems to mine a profit. This process is called cryptojacking – and it’s putting businesses and individual users all across the globe at potential risk.

Understanding cryptojacking: Defining the basics

Ahead of delving into this new cybercriminal process, let’s break down the underlying concepts.

Cryptojacking revolves around cryptocurrency mining, a process in which users leverage infrastructure systems and their computing power in order to verify digital transactions and reconcile associated hash function algorithms. This process enables users to create the next block of transactions in the blockchain, the digital, unchangeable ledger wherein all cryptocurrency transactions are recorded and compiled. Once a transaction is verified, the next block in the blockchain is created – once established, blocks within the blockchain and their associated transactions can not be adjusted or shifted.

“Each time a cryptocurrency transaction is made, a cryptocurrency miner is responsible for ensuring the authenticity of information and updating the blockchain with the transaction,” Webopedia explained. “The mining process itself involves competing with other cryptominers to solve complicated mathematical problems with cryptographic hash functions that are associated with a block containing the transaction data.”

The miner that is first able to resolve the hash functions is then able to authorize the transaction and earn a small profit in cryptocurrency for adding to the blockchain. It is this

competitive nature and potential for reward – despite only being a small amount per transaction – that has attracted hackers and other malicious actors to the arena.

Cryptojacking involves the fraudulent use of user systems for cryptocurrency mining.

Cryptocurrency mining vs. cryptojacking: What’s the difference?

Legitimate users, leveraging their own systems and the required specialized mining hardware, can engage in cryptocurrency mining. In fact, as noted above, the process is essential for verifying transactions hinging upon the use of cryptocurrency, and to support the continual growth of the underlying blockchain ledger.

However, there is a stark difference between legitimate and necessary cryptocurrency mining and malicious cryptojacking processes. The distinction here rests in authorized use.

Cryptocurrency miners utilize their own systems and therefore have authorized permission to leverage this computing power in order to solve the associated hash functions and create the next block of transactions in the blockchain. Those engaged in cryptojacking, on the other hand, breach and use someone else’s computing systems in an unauthorized manner.

Within cryptocurrency mining, the miner is the authorized user of the system being leveraged and reaps the small cryptocurrency reward for verifying transactions. Cryptojacking sees this reward delivered to the hacker who has broken in and is stealing the resources of another user’s systems.

As CSO contributor Michael Nadeau explained, the infection process is somewhat similar to other attack styles like ransomware.

“Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by infection a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser,” Nadeau wrote. “Either way, the cryptomining code then works in the background as unsuspecting victims use their computers normally.”

Once infected, users are often unaware that their systems have been leveraged for cryptojacking by an unauthorized intruder. In this way, the malicious actor can allow the cryptomining software to operate in the background and enable them to earn a profit by verifying cryptocurrency transactions.

As Nadeau pointed out, the only somewhat tell-tale sign of cryptojacking is a slowdown or lag in performance or action execution, which can also be a symptom of an array of other types of infections or system issues.

There’s a substantial difference between cryptojacking and cryptocurrency mining.

Cryptojacking campaign discovered: Infected live support platform

Concrete evidence in the rise of cryptojacking lies in the increasing discovery of infected sites, spreading cryptomining software to unsuspecting visitors. Trend Micro reported on just such an instance in November 2017, wherein a considerably large cryptojacking campaign was uncovered, with a live chat and support platform at the center.

Security researchers discovered that nearly 1,500 websites that included a widget for the live chat and support platform were infected and being used for cryptocurrency mining.

“A copy of the Coinhive in-browser cryptocurrency miner was found inside a JavaScript file used by LiveHelpNow, a live chat and support platform that was being loaded on the websites,” Trend Micro reported.

This issue is worsened by the fact that the JavaScript code doesn’t have to be specifically installed in order to allow for cryptojacking – users need only visit the affected websites that include the LiveHelpNow widget including the Coinhive code. Once a user loads the webpage, the mining code runs automatically within their browser.

Many of the 1,500 sites impacted by the infected LiveHelpNow widget were e-commerce companies and small, private businesses. Interestingly, attackers chose an ideal time to put the cryptomining code in place – right ahead of the busy end-of-year shopping season.

Recognizable names including Everlast were included in the list of affected websites included in this cryptojacking campaign. Other organizations’ websites – including Politifact, Showtime and even Pirate Bay – have also been impacted by cryptomining code.

“Users accessing the affected websites will see their CPU usage shoot as Coinhive script mines the Monero cryptocurrency for another party,” Trend Micro noted.

The issue for businesses: Cryptojacking prevention

While cryptojacking is certainly a prominent risk for all users, the threat could hit enterprises particularly hard. When available CPU resources are being leveraged to support cryptomining, the performance of other platforms that rely on this support will suffer. This can prevent employees from properly engaging and using company platforms and necessary software. And while cryptocurrency mining and cryptojacking are still in their infancy, now is the time for organizations to prepare and guard against this threat.

First, it’s imperative to include cryptojacking as part of security awareness training. When workers and IT department members in particular understand what to look for, they can help reduce the risk. There are also ad-blocking and anti-cryptomining extensions that can be installed within web browsers to help avoid infections.

Endpoint protection and specific, robust solutions like Trend Micro Smart Protection Suites and Worry-Free Business Security can help safeguard organizations and their users through the fast detection and blocking of malicious files and websites.

To find out more, connect with the experts at Trend Micro today.

Read More HERE