Cryptojacking: The Latest Major Cyber Threat

 

Cryptojacking is quickly becoming a popular cyber threat for 2018. According to McAfee Labs, the count of total coin miner malware rose by 629% in Q1 of 2018 alone, to more than 2.9 million samples. The rise in cryptojacking activities is largely due to the increase in the value of bitcoin and other cryptocurrencies.


What is cryptojacking?

Cryptojacking is defined as the unauthorized use of someone’s computer to mine cryptocurrency.

Mining in the cryptocurrency world involves using computing power to solve difficult mathematical puzzles. When the puzzles are solved, the miner receives a fixed amount of new cryptocurrency. Legitimate miners will invest thousands of dollars in hardware and electricity to create cryptocurrencies. However, hackers are unwilling to invest their own resources. Instead, they will hack into the computing power of unsuspecting victims in order to create their wealth.

How do cryptojackers steal computing power?

Website infection: The hacker will insert a javascript code into a website or online ad. When someone visits the website, the code will load and start using the visitor’s computer to mine cryptocurrencies. The activity will stop when the visitor leaves the website.

Device infection: The hacker will place cryptojacking code into a phishing email attachment or a rogue device application. Once someone clicks on the phishing email or opens the application, the code will start running and the device becomes part of the hacker’s mining network.

 

A device infected with cryptojacking malware will show these symptoms:

• The device keeps overheating
• The computer fan operates nonstop when no programs are open
• The device freezes frequently
• The cursor drags a few seconds behind the mouse
• Applications take an extended amount of time to open

 

Cryptojacking can ultimately have negative consequences for the business in:

• Lowered productivity
• Increased downtime
• Lost time and money on additional tech support requests
• Paying unexpectedly high electricity bills
• More frequent replacement of hardware

 

How can I defend against cryptojacking?

Do not click on attachments and links from unknown senders.

Keep device operating systems, applications, and browsers up to date.

Use endpoint protection software, such as Trend Micro and Sophos. Scan devices on at least a weekly basis.

Use email and web filtering software that prevents users from accessing dangerous content.

Use script-blocking browser extensions, such as ScriptSafe for Chrome and NoScript for Firefox.

Download software only through a reputable vendor’s website. Also, select enterprise software over consumer grade versions. With enterprise software, the vendors tend to install more security controls and release patches on a regular basis.

Contact our helpdesk if you notice ongoing system slowdowns and/or crashes. You can send us a support request via email (This email address is being protected from spambots. You need JavaScript enabled to view it.) or phone (877-794-3811) and a technician will work on cleaning out the malware.

Follow security best practices on your website

  o Keep website software, plugins, and themes up to date.

  o Backup your website daily or weekly, depending on how often you update the site’s content. Most web hosting companies will keep daily backups of your website ranging from two weeks to a month in the past. Also, if you have a content management system (CMS) website, such as WordPress, you can install a plugin that automatically sends backups to a cloud provider (such as Amazon Web Services).

  o Use security software that can block malicious script injection activities. If you have a CMS website, you can install a security plugin such as Wordfence for WordPress. Another option is to use a cloud web application firewall, such as CloudFlare.

 

If you would like added protection, you can ask us about our Security as a Service. It includes enterprise anti-virus and anti-malware, web security, email security, intrusion protection, and security monitoring. Contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. or 877-794-3811.

 

Contact us at 877-794-3811 or [email protected] for Professional IT Support

get in touch