Cryptojacking is one of the latest online threats to emerge and is also referred to as malicious crypto mining. It hides in the background on a mobile device, laptop or computer and utilizes the machine’s resources to ‘mine’ cryptocurrencies, which are online forms of money. Cryptojacking is a menace that can compromise any type of device, even networks and can take control of web browsers.
As with other cyber attacks, the primary motive is money, but unlike ransomware, cryptojacking is designed to operate undetected from the user. While the goal of cryptojacking is to mine cryptocurrency for an attacker, as a result, it steals from your organization in the form of energy, security, productivity, and hardware. We will explain below how this new threat works as well as how you can identify if your business has been compromised.
Even with the recent decline in Bitcoin and other cryptocurrency value, the currencies still fluctuate dramatically and are actively traded. As the cost of mining cryptocurrencies can almost match the price of a coin, attackers have started to mine them on other people’s equipment so that they are spared the expense.
Cryptojacking is quickly becoming a preferred method for cyber criminals because of how easy it is to conceal. Indirect and low damage to a victim’s computer makes it unlikely to be exposed and increases the chance that it will have a long lifespan. Crypotjacking is an attractive opportunity for cyber criminals as when stealing someone else’s resources, it is a low-cost way to make a profit.
Research has shown that infecting a single machine can net an attacker approximately $10 per day, so cryptohackers often look for opportunities in organizations that have a large number of devices on the same network, like a university, and will try to infect as many machines as possible while remaining hidden for as long as possible.
Attacks happen similar to other forms of malware, where it tries to sneak into an endpoint, usually via a download, browser or plugin vulnerability or phishing campaign. Again, it is often employees, the weakest link, that fall victim to social engineering tactics that can allow a cryptojacker access to the organization’s network.
The first financial impact once your organization has been compromised by cryptojacking is the additional electricity. It can often cost up to $6 per day per affected device. The damage it can do to your systems and hardware is another cost as it typically uses the devices video card or processor, which adds additional strain and will shorten the lifespan., requiring replacement. For mobile devices, it is typically the battery that will suffer damage. Loss of productivity is another concern, as limited resources can impact workflow. Staff may have difficulty accessing certain applications or programs and be faced with frequent system crashed.
Malware strains such as cryptojacking can be a gateway to other exploits. Once installed and operating on numerous devices, it can create a backdoor to the attacker to access critical organization information such as passwords or personal data. Some attackers may even add ransomware to the device after they have access.
It can be difficult to tell if you are infected by cryptojacking but a few of the common warning signs are significant increases in your processing power, unknown processes running in an environment, slower than normal load and processing times, hotter than usual batteries or extra active fans.
To learn more about what cyber threats, like cryptojacking that your organization may be faced with, get a free assessment today.