18 June 2018

Traditional cyber security measures often focus on preventing data loss and damage, but this approach can overlook an increasingly prevalent threat that seeks neither of those outcomes: cryptojacking.

 

The latest National Cyber Security Centre annual threat report, published in April, warns of the growing risk of cryptojacking, a trend which shows no signs of abating. Hackers are increasingly viewing cryptojacking as a cheaper, more profitable alternative to ransomware, and are setting their sights on businesses of all sizes.

 

What is cryptojacking?

 

Cryptojacking is a form of cyber-attack in which an attacker covertly runs cryptocurrency-mining code on victims’ devices, either by installing malware on the host or by executing a script in the victim’s browser, and collects the mined coins in a wallet they control.

While it does not set out to damage systems or steal data, cryptojacking is far from a victimless crime: it is theft of computing resources at scale. Infected systems suffer potentially significant drops in performance, higher power consumption and accelerated hardware wear, yet it is rarely obvious what has caused the problem, and in many cases the mining code will persist indefinitely. The access used to plant a miner can also be reused for other payloads, so a confirmed miner should be treated as evidence of compromise rather than as a nuisance.

 

How does cryptojacking work?

 

Criminals use a number of methods to get crypto-mining code onto users’ computers. The two most common attack vectors are phishing and browser-based script injection.

Using traditional phishing tactics to lure victims into clicking malicious links or opening attachments, attackers install mining software such as the open-source XMRig miner (generic anti-virus labels such as Coinminer cover these payloads) on the host, sometimes loading it only into memory so that little is written to disk. The miner then runs continuously in the background, connecting to a mining pool and submitting the work it completes.

Browser-based (in-browser) cryptojacking uses a JavaScript miner such as Coinhive, which attackers inject into compromised websites or into advertisements delivered to many domains. The injected script executes automatically in visitors’ browsers, consuming their CPU for the duration of the visit. Attackers favour sites with many concurrent users and long average session durations, such as image boards and streaming sites, so that the script runs for as long as possible.
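Because an injected browser miner is just a script tag plus a short inline call, the injection can be spotted by inspecting page content. The following Python scanner is an added example, not code from the original post or from Redscan: it pulls the external script URLs and inline script bodies out of an HTML page and flags ones that look like a browser miner. The sample pages are constructed; the indicator list is illustrative, modelled on the public Coinhive API (coinhive.min.js, the CoinHive.Anonymous constructor) with the other hostnames and patterns being assumptions a real blocklist would need to replace with a maintained feed.

```python
"""Flag injected browser-miner scripts in an HTML page.

Added example (not Redscan's code). Sample pages are constructed; the
indicator set is illustrative and modelled on the public Coinhive API, with
the remaining hosts/patterns being assumptions for demonstration only.
"""
import re
from html.parser import HTMLParser

# Hosts serving browser-miner libraries. coinhive.com/authedmine.com are the
# documented Coinhive and opt-in Coinhive endpoints; the last is an assumed entry.
MINER_SCRIPT_HOSTS = {
    "coinhive.com",
    "authedmine.com",
    "crypto-loot.com",  # assumed entry for illustration
}

# Inline-script patterns: the CoinHive.* constructor calls are from the public
# Coinhive API; the Worker/WebSocket patterns are assumed generic heuristics
# (browser miners run CryptoNight in a Web Worker and talk to a WebSocket proxy).
MINER_INLINE_PATTERNS = [
    re.compile(r"new\s+CoinHive\.(Anonymous|User|Token)\s*\(", re.I),
    re.compile(r"\.start\s*\(\s*CoinHive\.(FORCE_MULTI_TAB|IF_EXCLUSIVE_TAB)", re.I),
    re.compile(r"new\s+Worker\s*\(\s*['\"][^'\"]*cryptonight", re.I),   # assumed heuristic
    re.compile(r"wss?://[^'\"\s]*/proxy", re.I),                        # assumed heuristic
]


class _ScriptCollector(HTMLParser):
    """Collect external <script src> URLs and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True
                self._buf = []

    def handle_data(self, data):
        # HTMLParser delivers <script> content as raw data, possibly in chunks.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def _host_of(url):
    """Return the lower-cased host of an absolute or protocol-relative URL, else None."""
    m = re.match(r"^(?:https?:)?//([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None


def find_miner_indicators(html):
    """Return a list of (kind, detail) findings for one page body."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.srcs:
        host = _host_of(src)
        if host and any(host == h or host.endswith("." + h) for h in MINER_SCRIPT_HOSTS):
            findings.append(("external-miner-script", src))
    for body in collector.inline:
        for pattern in MINER_INLINE_PATTERNS:
            m = pattern.search(body)
            if m:
                findings.append(("inline-miner-call", m.group(0)))
                break  # one finding per inline script is enough
    return findings


# Constructed sample: a page with a Coinhive library tag and the start-up call.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.com/jquery.min.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
  miner.start();
</script>
</body></html>"""

# Constructed sample: a page with ordinary scripts only.
CLEAN_PAGE = """<html><head><script src="/js/app.js"></script></head>
<body><script>document.title = 'hello';</script></body></html>"""

if __name__ == "__main__":
    for name, page in (("sample", SAMPLE_PAGE), ("clean", CLEAN_PAGE)):
        print(name, find_miner_indicators(page))
```

Run against fetched page bodies (for example from a web proxy's content cache), this gives a crawl-time check for sites an organisation hosts or that its users frequent; a hit on a site you own means the site itself has been compromised, not just the visitor.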

Botnet operators are increasingly adding cryptojacking to their existing arsenals, targeting both cloud and on-premise servers to extend their computing power and maximise revenue. Smartphones are also targeted, for example by the Android worm ADB Miner, which spreads between devices that expose the Android Debug Bridge over the network. Apple recently went as far as banning cryptomining apps on iOS to prevent attackers from taking advantage.

 

The economics of cryptojacking

 

As the most popular and valuable cryptocurrency on the market, Bitcoin might seem the obvious choice for hackers. This is not the case: the vast majority of attacks mine the open-source cryptocurrency Monero.

The primary reason is CPU-friendliness. Bitcoin mining is only viable on specialised ASIC hardware, so the processing power of a compromised desktop is worthless against it, whereas Monero’s proof-of-work algorithm was designed to resist ASICs and ordinary CPUs in PCs, servers and smartphones can mine it at a useful rate. Furthermore, Monero hides the sender, recipient and amount of each transaction (through ring signatures and stealth addresses), making the proceeds far harder to trace than other cryptocurrencies.

The attacks themselves are neither difficult nor expensive. Cryptojacking kits are available on the dark web for as little as £20 and require little technical skill to use. With basic tooling, cybercriminals can launch attacks that stay under the radar and generate a continuous stream of revenue almost immediately. The Smominru botnet, for example, is believed to have infected over half a million machines and, by January of this year, to have earned its operators over £3.5 million.

This ease of execution, scalability and anonymity make cryptojacking a particularly appealing technique for hackers. As long as cryptocurrencies hold their value, the rise in cryptojacking will continue. With individuals and enterprises alike being targeted, understanding what to look out for and how to tackle it is essential.

 

How can you protect your business from cryptojacking?

 

Redscan offers the following advice to help businesses defend themselves against cryptojacking:

1. Security awareness training – employees should be made aware of the dangers of phishing-based attacks and informed about the latest cryptojacking trends as part of training exercises. They should also be encouraged to report unusually slow or hot devices for further investigation.

2. Ad-blockers – web browsers should have ad-blocking or dedicated anti-mining extensions installed and kept up to date so that known cryptomining scripts and domains are blocked.

3. Network monitoring – it is essential to build the capability to proactively monitor cloud and on-premise environments to detect malicious activity in its infancy. Implementing technologies such as SIEM, IDS, vulnerability scanning and behavioural monitoring is critical to this approach, but it also requires round-the-clock attention from certified security experts armed with the intelligence to identify cryptojacking attempts before it is too late. Useful indicators include DNS lookups and connections to known mining pools, use of the Stratum mining protocol on unusual ports, and sustained high CPU utilisation outside normal working patterns.

4. Endpoint protection – crypto-mining code can evade traditional signature-based detection, so organisations need endpoint analytics that spot behaviour such as sustained CPU use by unexpected processes and unexplained persistence mechanisms, giving the visibility needed to isolate and shut down attacks.

5. MDM – organisations should implement a mobile device management policy to control the devices, applications and extensions used by employees, and to prevent the spread of mobile-focused cryptomining malware.
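The network-monitoring and endpoint points above come down to a handful of indicators that can be checked mechanically. The following Python hunt is an added example, not code from the original post or from Redscan’s monitoring service: it runs a few of those checks over proxy/IDS-style log lines, scores each source host and raises an alert only on high-confidence indicators. The log lines and their key=value format are constructed for this example. The Stratum message shapes are taken from the public protocol (the JSON-RPC "login" with an "agent" field sent by XMRig-compatible miners, and the "mining.subscribe"/"mining.authorize" methods of Bitcoin-style Stratum); the pool hostnames and the port list are assumptions standing in for a maintained threat-intelligence feed.

```python
"""Hunt for cryptojacking indicators in constructed proxy/IDS-style log lines.

Added example (not Redscan's code). Log format, pool domains and port list
are assumptions for demonstration; the Stratum method/agent fields follow the
public protocol as used by XMRig-compatible and Bitcoin-style miners.
"""
import json
from collections import defaultdict

# Assumed blocklist entries standing in for a real threat-intelligence feed.
KNOWN_POOL_DOMAINS = {"pool.minexmr.com", "xmr.pool.minergate.com", "pool.supportxmr.com"}
# Ports commonly used by Stratum pools; a weak heuristic on its own (assumed list).
STRATUM_PORTS = {3333, 4444, 5555, 7777, 8888, 14444}
# JSON-RPC methods of the Stratum mining protocol (XMRig "login"/"submit",
# Bitcoin-style "mining.subscribe"/"mining.authorize"/"mining.submit").
STRATUM_METHODS = {"login", "submit", "mining.subscribe", "mining.authorize", "mining.submit"}


def parse_line(line):
    """Parse a constructed 'ts key=value key=value ...' line; None if malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = {"ts": parts[0]}
    for tok in parts[1:]:
        if "=" not in tok:
            return None
        key, value = tok.split("=", 1)
        fields[key] = value
    return fields


def _matches_domain(name, blocklist):
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in blocklist)


def classify(fields):
    """Return (indicator, confidence, detail) for one parsed event, or None."""
    # 1. DNS lookup of a known mining pool (or a subdomain of one).
    if fields.get("proto") == "dns" and "qname" in fields:
        if _matches_domain(fields["qname"], KNOWN_POOL_DOMAINS):
            return ("dns-mining-pool", "high", fields["qname"])
        return None
    # 2. Stratum JSON-RPC visible in a captured payload; the agent field, when
    #    present, names the miner software (e.g. "XMRig/2.6.2").
    payload = fields.get("payload")
    if payload:
        try:
            msg = json.loads(payload)
        except ValueError:
            msg = None
        if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
            params = msg.get("params")
            agent = params.get("agent") if isinstance(params, dict) else None
            return ("stratum-protocol", "high", f"{msg['method']} agent={agent or 'unknown'}")
    # 3. Outbound TCP to a typical pool port: low confidence, surfaced for review only.
    dport = fields.get("dport", "")
    if fields.get("proto") == "tcp" and dport.isdigit() and int(dport) in STRATUM_PORTS:
        return ("stratum-port", "low", f"{fields.get('dst')}:{dport}")
    return None


def hunt(lines):
    """Aggregate indicators per source host; alert only on a high-confidence hit."""
    per_host = defaultdict(list)
    for line in lines:
        fields = parse_line(line)
        if not fields or "src" not in fields:
            continue
        hit = classify(fields)
        if hit:
            per_host[fields["src"]].append(hit)
    return {
        src: {"indicators": hits, "alert": any(conf == "high" for _, conf, _ in hits)}
        for src, hits in per_host.items()
    }


# Constructed sample log lines: one infected host, one clean host, one host that
# only trips the port heuristic, and one running a Bitcoin-style Stratum client.
SAMPLE_LOGS = [
    "2018-06-18T09:14:02Z src=10.0.5.23 proto=dns qname=pool.minexmr.com",
    "2018-06-18T09:14:03Z src=10.0.5.23 dst=203.0.113.10 dport=4444 proto=tcp",
    '2018-06-18T09:14:03Z src=10.0.5.23 dst=203.0.113.10 dport=4444 proto=tcp payload={"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"XMRig/2.6.2"}}',
    "2018-06-18T09:15:40Z src=10.0.5.41 dst=198.51.100.7 dport=443 proto=tcp",
    "2018-06-18T09:16:01Z src=10.0.5.41 proto=dns qname=www.example.com",
    "2018-06-18T09:17:12Z src=10.0.5.77 dst=192.0.2.55 dport=3333 proto=tcp",
    '2018-06-18T09:18:30Z src=10.0.5.90 dst=192.0.2.80 dport=3333 proto=tcp payload={"id":1,"method":"mining.subscribe","params":["cgminer/4.9"]}',
]

if __name__ == "__main__":
    for src, result in hunt(SAMPLE_LOGS).items():
        print(src, "ALERT" if result["alert"] else "review", result["indicators"])
```

The port heuristic is deliberately kept at low confidence: plenty of legitimate services use 3333 or 8888, so on its own it should only queue a host for review, while a pool DNS lookup or a decoded Stratum login is strong enough to alert on and to pair with the endpoint’s process list for confirmation.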

 

About Redscan

 

Redscan is an award-winning provider of managed security services, specialising in threat detection and integrated incident response.

Possessing a deep knowledge of offensive security, Redscan’s experts are among the most qualified in the industry, working as an extension of clients’ in-house resources to expose and address vulnerabilities plus swiftly identify and shut down breaches. Services offered include: CREST Pen Testing, Red Teaming and Managed Detection and Response.

 
