What is Cryptojacking?

When cryptojacking occurs, the victim often has no idea their device is being used.

Cryptojacking has quickly become one the most common forms of malware. It stands out from typical malware in that it isn’t necessarily after your data, it’s targeting your processing power. This processing power is used to mine cryptocurrency such as Bitcoin or Ethereum.

In the world of cryptocurrency, crypto mining is the process used to validate transactions and add them to a blockchain ledger.

In a nutshell, cryptocurrency is a digital currency and alternative to more traditional currencies such as the US dollar. Cryptocurrency control is decentralized and distributed by means of a blockchain ledger. The ledger is protected by complex cryptography humans cannot break without the assistance of sophisticated computing power.

This is where cryptocurrency miners come in. A crypto miner is responsible for validating the transaction and updating the blockchain. Miners compete against one another to solve intricate cryptographic equations, this is where the computing power is put to use. The first miner to solve the code is rewarded their own cryptocurrency.

With the rise in popularity of cryptocurrencies and their increasing acceptance as a legitimate way to trade online and buy goods, it was only a matter of time before this form of online money was exploited. Cryptoackers use a number of ways to enslave a device. One way is through distribution using traditional malware techniques, such as a link or attachment in an email. When the link is clicked or the attachment opened, the crypto mining code will be loaded directly to the computer, mobile phone or server. Once the crypto miner receives confirmation that the code is good to go, they can start using these network resources to mine around the clock.

An alternative method is to use what is known as drive-by crypto mining. This threat embeds a piece of JavaScript code onto a website and activates a mining process on any user machines that visit a particular webpage.

As with many malware threats, it can be a challenge to detect the intrusion once it has happened. In fact, the first you may know of an intrusion is a user complaining that their computer has suddenly slowed down, or one of your network servers starts reporting that it is running at maximum capacity. And when a system is running at maximum capacity, it can make troubleshooting incredibly difficult.

The trick is to prevent this exploit from happening in the first place.

While cryptojacking is still relatively new, attacks are becoming more commonplace and more sophisticated. Administrators need to take action at the firewall level by using advanced intrusion prevention systems and next-gen firewalls. If a network is compromised, steps should be taken to conduct a root-cause analysis that identifies how the malware was installed so that further repeat attacks can be prevented.