What is Cryptomining and why should you take notice

January 15, 2019

Cryptomining witnessed a huge rise this past year. While it may appear much less damaging than other attacks, it can be just as dangerous, so you can’t afford to overlook it.

There’s been a change in the cyber landscape in the past 12 months: a sharp decline in ransomware has been coupled with a massive surge in incidents of “cryptojacking”. Reports pointed to a 629% increase in cryptojacking malware samples in the first three months of 2018 — up to 2.9 million compared with 400,000 in the previous quarter.

One thing that seemed to be fuelling this rise was a spike in cryptocurrency prices. For hackers, this effectively meant that cryptojacking represented more money for less risk. With ransomware, a hacker might expect to see perhaps three people in every 100 pay the ransom, whereas with cryptojacking, all 100 of those infected machines work for the hacker to mine cryptocurrency.

What is cryptojacking?

Simply put, cryptojacking is where attackers inject malware into your networks using methods such as phishing or via infected websites, but instead of actively looking to steal your data or launch a ransomware attack, they simply use your processing power to mine cryptocurrency. While this may seem more benign than taking your data, don’t be fooled… we’ll come to that in a moment, but first we need to look at what mining cryptocurrencies actually means.

Why is cryptomining a big thing?

Cryptocurrencies allow people to own currencies without going through a centralized authority like a bank. Instead of hard currency like dollars, pounds, euros or yen, people use currencies like Bitcoin, although cryptojackers are more likely to use other cryptocurrencies like Monero and Zcash, which are much harder to trace because of the way their ledger systems work.

If you had your money in a bank, the bank would have a ledger of transactions to prove that you had the money and when it was transferred to another party. Blockchain technology is used as the ledger for cryptocurrencies.

Blockchain is powered by a decentralized, peer-to-peer network of computers, and within this network users compete to add a “valid” block to the chain by meeting a set of digital rules. If someone adds a block to the chain, they get rewarded with a set amount of currency. With Bitcoin, for example, adding a block to the chain could see you reap 12.5 bitcoins as a reward. At the time of writing, one bitcoin is worth €3,523.53 (3,935.87 US dollars), so you would net €44,044.125. That is a fairly significant return.

The problem is that creating another block in the chain requires a huge amount of computer processing power, as you have to randomly generate what’s called a hash, and that hash must be lower than any previous hash. The hash is generated using a hash algorithm, and this is a complex process: the more power you have, the faster you can generate a hash. While many people legitimately mine for cryptocurrency using huge farms of servers, there can be a substantial cost involved in terms of setup and electricity. Cybercriminals are looking to gain an advantage by stealing companies’ processing power and using it to help them generate the required hashes with very little outlay.

Why you shouldn’t dismiss Cryptomining

On the surface, it may be tempting to dismiss this threat. After all, it’s just a bunch of hackers piggybacking on your processing power, causing your system to run a little slower. It’s not like they’re stealing financial data like credit card numbers or exfiltrating your email. However, the fact that these infections often sneak in under the radar of many companies is a huge upside for cybercriminals.

The cryptominer malware installed on your systems is just the payload. It means they have a foothold in your network, an open back door, if you like, that they can use whenever or however they please. If the value of cryptocurrencies goes down, they could very easily decide to launch a ransomware attack. So this isn’t something to take lightly.

How do you reduce your cryptojacking risk?

While this is a different type of attack, it’s still using common attack vectors.

For example, one common method for deploying cryptomining malware involves sending a phishing email containing a link that downloads a cryptomining script onto your machine. This software can then run in the background on a computer, often remaining undetected. Strong perimeter email security will help you to reduce the risk of the malware getting into your network in this way.

Another common way of spreading cryptomining malware is via JavaScript on infected websites or adverts. When a person visits an infected site or clicks on an infected ad, the cryptomining code will download and start to steal processing power. A powerful way to combat this is through creating a blacklist of websites that are blocked within your company. Having access to in-depth, up-to-the-minute threat intelligence is invaluable in this situation, as it will help you keep track of infected or unsafe sites and ensure that they are blocked within your corporate networks.
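The blacklist check described above can be sketched as follows. This is an added example, not code from the original article: it matches requested hosts against blocked domains, including their subdomains, over a few proxy log lines. The log format, the domain names (reserved .example and .test names) and the function names are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed entries using reserved TLDs; a real list would come from a threat feed.
BLOCKLIST = {"coin-miner.example", "ads.badcdn.test"}

# Constructed proxy log: timestamp, client, method, URL or host:port.
SAMPLE_LOG = """\
2019-01-15T09:00:01Z 10.0.0.12 GET http://intranet.example/wiki
2019-01-15T09:00:02Z 10.0.0.12 GET https://WS.Coin-Miner.example:8443/lib/miner.js
2019-01-15T09:00:03Z 10.0.0.40 CONNECT ads.badcdn.test:443
2019-01-15T09:00:04Z 10.0.0.40 GET http://notcoin-miner.example/index.html
2019-01-15T09:00:05Z 10.0.0.12 GET http://coin-miner.example./worker.js
"""

def normalise_host(url):
    """Lower-case hostname without port or trailing dot, or None if absent."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare host[:port] as the netloc
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def is_blocked(url, blocklist=BLOCKLIST):
    """True if the host or any parent domain of it is on the blocklist."""
    host = normalise_host(url)
    if host is None:
        return False
    labels = host.split(".")
    # Compare whole labels only: ws.coin-miner.example matches
    # coin-miner.example, but notcoin-miner.example does not.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def blocked_requests(log_text, blocklist=BLOCKLIST):
    """Return (client, host) for every log line that requests a blocked host."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the constructed format
        _, client, _, url = parts
        if is_blocked(url, blocklist):
            hits.append((client, normalise_host(url)))
    return hits

if __name__ == "__main__":
    for client, host in blocked_requests(SAMPLE_LOG):
        print(f"{client} requested blocked host {host}")
```

Matching on whole domain labels rather than substrings avoids both missed subdomains and false hits on lookalike names that merely contain a blocked string.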