What is a cryptojacking attack, and how do you prevent it?
What is cryptojacking?
Cryptojacking is the unauthorized use of someone else's computer to mine cryptocurrencies such as Bitcoin, Ripple or Ethereum. Attackers gain access to the victim's computer by luring them into clicking a malicious link in an e-mail, which then loads cryptomining code onto the machine. Cryptojacking can also be carried out by injecting JavaScript into a website or an online ad, so that the mining code runs automatically in the victim's browser as soon as the page or ad loads.
Bitcoin, Monero and Ethereum still puzzle even experts. The value of cryptocurrencies rises and falls, and it remains exciting, including for criminals who enrich themselves through the new payment system with the help of cryptojacking. They use malware to hijack computing power to mine Bitcoin & Co. However, the main risk for companies is not the mining itself but what else attackers can do once they have access to the network. How can companies recognize illegal cryptomining in their systems and, ideally, prevent it?
Since Bitcoin crashed in 2018 and other cryptocurrencies such as Monero, Ethereum, Dash, Litecoin and ZCash fell on the exchanges, cryptojacking has slipped down the list of the most common cyber threats. Ransomware has regained the top spot. This assessment is based, among other sources, on the annual security report of the cyber security provider SecureLink.
The end of Coinhive, announced in March, fits this picture. This legal platform provided a JavaScript that website operators could embed in their sites in order to mine the cryptocurrency Monero; a website visitor had to consent to the mining. However, hackers implanted manipulated Coinhive scripts in third-party websites, which mined Monero in the background without the knowledge or consent of the visitors. The profits went into the pockets of the criminals. It can now be expected that criminals will switch to other platforms, especially CoinImp or Crypto-Loot. Browser-based cryptojacking therefore remains a real danger and a lucrative business even without Coinhive.
The current development of cryptocurrency prices points in the same direction. Bitcoin currently costs over $8,800. For comparison: even though this is still far from the high of $20,000 in December 2017, there is an upward trend.
In addition, cryptomining is a continuous source of income for criminals even at low exchange rates, provided that they have enough miners working for them. Companies are therefore well advised to address cryptojacking and the protective measures against it.
How Hackers Use Cryptojacking
Hackers not only inject mining scripts into the code of websites, but also install software on the computers of those affected via malware attacks. In the first scenario, the criminals' mining ends when the browser user closes the session; the victim's own hardware is not damaged. As a preventive measure, installing an ad blocker is recommended. This prevents the display of ads that may have been prepared with a mining JavaScript. In addition, dangerous web addresses can be blocked through browser settings via blacklisting.
For the second, more dangerous variant, criminals exploit security gaps to implant the mining script on web servers, routers or in content management systems. As a result, the script is redistributed to all websites served through these systems. To make matters worse, the hackers have penetrated the system itself. For example, they can set up botnets and sublet them for DDoS attacks, spam campaigns or click fraud. Prepared apps are another way of distributing the script, both for PCs and for mobile devices. For example, Microsoft recently removed eight applications from the Windows Store because they were infected with cryptojacking malware.
Resource theft in the cloud
It can be really expensive if hackers access almost unlimited computing power via cloud infrastructures. In early 2018, the automaker Tesla was the target of a cryptojacking attack that infiltrated the company’s AWS infrastructure with mining malware. The criminals used Kubernetes administration consoles as the gateway, which were publicly accessible via the Internet without password protection. This was the finding of a report by the security specialists at RedLock Cloud Security, who discovered the incident.
Infected systems become slower, show higher load and consume more electricity, which is due to the intensive computation that mining requires. A network monitoring solution therefore helps to identify such incidents. It reveals both anomalies in system utilization and suspicious network communication, for example because cryptojacking malware receives its computing tasks from a mining platform and sends its results back to it. Intrusion detection systems (IDS) and security information and event management (SIEM) also contribute to the detection of such anomalies.
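One way to implement the detection described above, as an added example that is not from the original article: a Python script that scans constructed network-monitor log lines for the JSON-RPC method names used by the Stratum mining-pool protocol (the channel through which miners receive work and submit results) and correlates the hits with constructed CPU-utilization samples, so that only hosts showing both signals are flagged. The log line format, host names and pool name are assumptions.

```python
import json
import re
from collections import defaultdict

# Constructed sample log lines (not from any real capture). Assumed format:
# "<timestamp> <src_host> -> <dst_host>:<port> <json-rpc payload>".
SAMPLE_LOG = """\
2019-05-01T10:00:01Z ws-042 -> pool.example:3333 {"id":1,"method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"miner/1.0"}}
2019-05-01T10:00:02Z ws-042 -> pool.example:3333 {"id":2,"method":"submit","params":{"job_id":"1","nonce":"a1b2c3d4","result":"00ff"}}
2019-05-01T10:00:03Z ws-042 -> pool.example:3333 {"id":3,"method":"submit","params":{"job_id":"1","nonce":"e5f60708","result":"00aa"}}
2019-05-01T10:00:05Z ws-017 -> api.example:443 {"id":7,"method":"getUser","params":{"name":"bob"}}
2019-05-01T10:00:06Z ws-099 -> pool.example:3333 not-json-at-all
"""
# Constructed CPU samples (percent) per host, as a monitoring agent might report them.
SAMPLE_CPU = {"ws-042": [97.0, 98.5, 99.1, 96.8], "ws-017": [12.0, 95.0, 8.0, 10.0], "ws-099": [99.0, 99.0, 99.0]}
# JSON-RPC method names of the Stratum pool protocol and its Monero-style variant:
# work is fetched ("notify"/"job") and results (shares) are submitted.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.notify", "mining.submit", "login", "job", "submit"}
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (.*)$")

def parse_line(line):
    """Parse one log line; return None for unparsable lines or non-JSON payloads."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, dst, port, payload = m.groups()
    try:
        msg = json.loads(payload)
    except ValueError:
        return None
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "method": msg.get("method")}

def find_mining_sessions(log_text, min_messages=2):
    """Map src host -> flow summary for flows carrying >= min_messages Stratum-like messages."""
    flows = defaultdict(lambda: {"count": 0, "methods": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] not in STRATUM_METHODS:
            continue
        f = flows[(rec["src"], rec["dst"], rec["port"])]
        f["count"] += 1
        f["methods"].add(rec["method"])
    return {src: {"dst": dst, "port": port, "count": f["count"], "methods": sorted(f["methods"])}
            for (src, dst, port), f in flows.items() if f["count"] >= min_messages}

def correlate(log_text, cpu_samples, cpu_threshold=90.0, min_high_samples=3):
    """Hosts with both a sustained high-CPU run and a Stratum-like session (strongest signal)."""
    sessions = find_mining_sessions(log_text)
    busy = {h for h, s in cpu_samples.items() if sum(v >= cpu_threshold for v in s) >= min_high_samples}
    return sorted(busy & set(sessions))
```

A single high CPU sample (ws-017) or pool traffic that never carries mining messages (ws-099) is not enough on its own; feeding both signals into a SIEM rule in this way keeps false positives down.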
How to prevent cryptojacking
As a preventive measure, companies can arm themselves with an enterprise proxy solution that blocks dangerous URLs centrally for all computers in the network. Such a proxy also offers log monitoring, virus scanning and sandboxing, and some versions filter out JavaScript. Companies should set up SSL inspection for SSL-encrypted (Secure Sockets Layer) web traffic: the proxy decrypts incoming data, checks it and encrypts it again before passing it on. Security officers should also control or restrict the functions of smartphones and tablets using Mobile Device Management (MDM). An intermediary proxy can block access to private, insecure e-mail accounts or prevent apps that have not been approved from being installed.
New trend: formjacking
Those who do not protect themselves from mining malware are also vulnerable to other malware. A new trend is already emerging: formjacking. The criminals break in through web servers and content management systems, i.e. via the server infrastructure. They implant a JavaScript into websites that skims data from forms. For example, if a customer enters payment information and clicks the "Submit" button, a copy of the data is sent to the hacker, who can then use it or resell it on the Darknet. Formjacking is not a new phenomenon in itself: in August and September 2018, the security specialist Symantec recorded a significant increase in such attacks.
Conclusion
Cryptojacking malware is cleverly camouflaged and usually has no serious consequences, which is why many incidents go unnoticed. However, companies should take the risk seriously, watch closely for the warning signs, and review their security measures. Even if it is only a "malware light", it is still a successful attack that points to security gaps, and other attackers can exploit the same vulnerabilities. If hackers manage to infect a system with cryptojacking malware, they can take control unnoticed. Unwanted cryptomining is probably the smallest of the problems that those affected have to reckon with.