This is the first article in a two-part series on proactively managing cryptojacking risk at your company. It covers why cryptojacking is harmful to your organization, the types of systems at risk, and early indicators for detecting cryptojacking. The second article, “How to Prevent and Detect Cryptojacking, Part 2”, provides 8 actionable recommendations to prevent cryptojacking and 6 ways to detect whether your organization has been cryptojacked.
Imagine someone stole your vehicle and used it to earn money as a taxi driver when you weren’t driving it. You are still paying to put gas in your car. Similarly with cryptojacking, cryptominers steal your computing resources at your expense for their financial gain. Cryptojacking is the unauthorized use of computing resources to mine for cryptocurrency.
Cyber actors do this by exploiting vulnerabilities in a web page, software or operating system and installing cryptomining software that hijacks the processing power of victim devices and operating systems to earn cryptocurrency. Cryptojacking can also occur when malicious website hosts put cryptomining scripts on their site that allow them to exploit the CPU power of site visitors.
In 2018, cryptominers infected roughly more than ten times as many organizations as ransomware did. The reason for this increase is more financial gain for less risk for the actor. For example, an actor may only get a small percentage of victims to pay ransom from a ransomware attack. In contrast, cryptominers benefit from every single infected device they exploit. Further, the cryptomining software may go undetected on a company’s network. This provides long-term gain for the cryptominer at the expense of depleting victim network resources.
Why Cryptojacking is Harmful to your Organization
Cryptojacking goes beyond the miners profiting from your hardware and computing power. It causes wear and tear on systems. It can disrupt productivity or degrade network performance due to monopolized bandwidth and processing resources. The resulting increase in power consumption can lead to higher energy bills, system crashes (loss of data, time and money), and possible hardware damage due to extreme temperatures. Further, cryptojacking can lead to financial losses from system performance slowdown or failure, system and file restoration downtime, and infected cloud infrastructure issues.
Additional negative impacts of cryptomining include:
- Legal implications per select regulations
- Your network may be used to deliver malware or manipulate web-page content
- Harm to corporate image
Types of Systems at Risk of Cryptojacking
Cybersecurity researchers reported cryptocurrency mining tools on 1.65 million client computers in 2017. For example, we have seen cryptojacking campaigns infect movie files, routers, popular websites, and more. Any Internet-connected device with a central processing unit (CPU) is at risk of being cryptojacked, including computer systems, network devices, mobile devices, and other Internet of Things (IoT) devices (e.g., smart TVs, video cameras, printers, appliances, etc.).
Early Detection of Cryptojacking
Preventing and identifying a cryptojacking incident on your systems can be challenging. The size of your attack surface and the number of systems and devices that you are responsible for must be considered. What are some early warning signs that you have been cryptojacked?
- Internet connection is slower than usual
- Unusually high CPU usage
- CPU fan runs faster when on a particular site (non-persistent) or it continues to run fast even when not actively in use (persistent)
- PC running very slow
These are not the only signs that you may have been cryptojacked, but they can help identify suspected incidents for further investigation. Inform your security team that hardware and software integrity controls can help prevent cryptojacking. A cybersecurity review that looks at controls for ensuring the integrity of your company’s systems, software, and code can help prevent cryptojacking at your company.
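The persistent versus non-persistent distinction in the warning signs above can be checked against endpoint telemetry. The following Python function is an added example, not part of the original article; the sample data, the 85% CPU threshold, the five-sample window, and all host and site names are constructed assumptions.

```python
from collections import defaultdict
from itertools import groupby

HIGH_CPU = 85.0  # assumed cut-off for "unusually high CPU usage"
MIN_RUN = 5      # assumed: consecutive high samples needed before flagging

# Constructed per-minute samples: (host, minute, cpu_percent, user_active, foreground_site)
SAMPLES = (
    [("ws-01", m, 95.0, False, None) for m in range(8)]                # busy while idle
    + [("ws-02", m, 12.0, True, "intranet.example") for m in range(4)]
    + [("ws-02", m, 97.0, True, "video.example") for m in range(4, 10)]
    + [("ws-02", m, 10.0, True, "intranet.example") for m in range(10, 13)]
    + [("ws-03", m, 90.0 if m == 3 else 20.0, True, "mail.example") for m in range(8)]
)

def classify(samples, high=HIGH_CPU, min_run=MIN_RUN):
    """Map each host to (label, site).

    persistent     - sustained high CPU while no user is active
    non-persistent - sustained high CPU tied to one foreground site
    investigate    - sustained high CPU with no single explanation
    normal         - no sustained high CPU (short spikes are ignored)
    Assumes samples are taken at a fixed interval with no gaps.
    """
    by_host = defaultdict(list)
    for host, minute, cpu, active, site in sorted(samples, key=lambda s: s[:2]):
        by_host[host].append((cpu >= high, active, site))

    verdicts = {}
    for host, rows in by_host.items():
        verdict = ("normal", None)
        # groupby splits the timeline into consecutive high / not-high runs
        for is_high, group in groupby(rows, key=lambda r: r[0]):
            run = list(group)
            if not is_high or len(run) < min_run:
                continue
            if any(not active for _, active, _ in run):
                verdict = ("persistent", None)  # strongest signal, stop here
                break
            sites = {site for _, _, site in run}
            if len(sites) == 1 and None not in sites:
                verdict = ("non-persistent", sites.pop())
            else:
                verdict = ("investigate", None)
        verdicts[host] = verdict
    return verdicts

if __name__ == "__main__":
    for host, (label, site) in classify(SAMPLES).items():
        print(host, label, site or "")
```

A flag from this check is a lead for investigation, not a verdict: legitimate workloads such as backups, builds, or video calls can produce the same pattern.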
Check out the second article in this two-part series that addresses how to prevent and detect cryptojacking here.
Contact GPSG at cyberteam@gpsg.co for a free consultation on cryptojacking identification and best practices in prevention.
Disclaimer: This blog provides ever changing content, conversations, and insights on cyber threats and trending solutions that is accurate to the best of our knowledge. Although we are cybersecurity experts, we provide information which we hope is helpful, and do not endorse any specific products, tools, or solutions referenced herein. Consult with your cybersecurity team before taking any action.
