Instead of paying for computing power themselves, hackers opt to secretly use thousands of compromised computers to generate cryptocurrency. They gain control of a victim’s PC by using phishing emails to lure them into clicking on a link, which then runs malicious cryptomining programs on the computer. Any cryptocurrency produced then gets delivered to the hackers’ private server.
But wait, there’s a more insidious tactic hackers use: infecting websites with ads and plugins that run cryptojacking code. By doing so, any visitor who loads the web page instantly gets infected with the malware, which sends their computer’s processor into overdrive as it tries to generate cryptocurrency.
If there’s a silver lining here, it’s that cryptojacking software won’t compromise your data unlike most malware do. However, it will hijack your hardware’s processing power, so you’ll experience decreased PC performance while your electricity bills increase.
Surge in cryptojacking
The biggest reason why cryptojacking is becoming so popular is that it’s a low-risk, high-reward scheme. Instead of extorting money directly from the victim, hackers can secretly generate digital currencies without the victim knowing. And even if it’s detected, it’s almost impossible to track down who initiated the attack. Moreover, since nothing was actually “stolen” (other than a portion of computing power), victims have little incentive to apprehend the culprit.
Cryptojacking is also a cheap investment. For as little as $30, anyone can purchase a cryptojacking kit from the dark web to force other computers to generate Bitcoin or Monero for them. And while it’s difficult to tell how much exactly are hackers earning by cryptojacking, we can only surmise that it’s more than the initial $30.
Because of these reasons, there’s a good chance that this type of attack will be as popular as ransomware was in 2017. According to several reports, even sites like The Pirate Bay, Openload, and OnlineVideoConverter are allegedly using cryptojacking exploits to diversify their revenue streams.
Prevention and response
Prevention is always better than cure, so include cryptojacking in your monthly security training sessions. If employees practice extra caution in dealing with unsolicited emails and suspicious links, then hackers will have no way into your systems. Using ad-blocker or anti-cryptomining extensions on web browsers is also a great way to stay protected.
Beyond prevention, network monitoring solutions should also be used to detect any unusual computer behavior. For example, if you notice a significant number of PCs running slower than usual, assume that cryptojacking is taking place. And once it’s confirmed, advise your staff to close browser tabs and update browser extensions as soon as possible.
Because cryptojacking doesn’t steal data, it may seem less threatening than some malware, but in reality, its effects are just as severe — it can incur real power, cooling, and performance costs to your business when several systems are compromised. To make sure your business stays in top form (and that you don’t end up enriching any hackers), contact us today. Our hardware solutions and cybersecurity tips will keep your business safe and sound.