.png){kind=spacer}
Although cryptocurrency is somewhat of a mystery to the general public, large sums of money are changing hands through cryptocurrency transactions. However, people can also profit by mining cryptocurrency, verifying and authorizing transactions, and adding those transactions to the blockchain digital ledger. This involves the use of sophisticated algorithms by “miners” who compete with each other to crack the code and earn the reward.
The moneymaking potential hasn’t been lost on hackers, who are now hijacking the compute power of other people’s desktops, laptops and servers to mine cryptocurrency. This form of cyberattack, called cryptojacking, is typically launched after a user clicks a link in a phishing email that downloads cryptomining code onto the device. Devices can also be compromised if the user visits an infected website or is exposed to an infected ad. Some attacks use steganography to hide the code in images.
Today’s hackers are focusing more on ROI, which cryptojacking can certainly deliver. To get started, just buy a cryptojacking kit on the dark web for as little as $30. Use botnets to automate attacks and cryptocurrency mining activities across multiple devices. Every compromised device is a source of revenue, and attacks are difficult to trace. No data is stolen or exposed, so there are no obvious red flags.
Hackers have found that cryptojacking delivers more bang for the buck than ransomware. For ransomware to be successful and profitable, you either have to get the victim to pay the ransom. As awareness and defenses have improved, profiting from ransomware has become more difficult.
In fact, a recent report from IBM Security revealed that cryptojacking attacks outnumbered ransomware attacks by a two-to-one margin in 2018. Hackers are more interested in making a lot of money in less time and letting technology do the work than finding ideal targets, trying to disrupt an organization’s operations, and either collecting a ransom or selling stolen assets to the highest bidder.
Because cryptojacking only involves the stealing of compute power and not sensitive data, many don’t see what the issue is. Experts disagree about whether cryptojacking is even a crime. However, cryptojacking can have a noticeable impact on application performance and affect user productivity. It can drain a device’s battery or even cause it to overheat. You’ll use more power and run up your energy costs. Your company will probably waste money, time and resources trying to investigate and correct the problem. You might even end up buying new computers to replace those that can’t seem to deliver adequate performance or hold a charge.
Because the damage caused by cryptojacking isn’t obvious, users need to be educated about the warning signs. Unexplained performance slowdowns, overheated devices, and equipment failure shouldn’t be simply chalked up to bad connections and uncooperative technology. Train employees to recognize and report these warning signs right away. Make sure your security software can detect cryptomining code. Use browser extensions that prevent cryptomining and recognize unusually high resource consumption.
Cryptojacking is not a victimless crime just because your sensitive data is unaffected. It can slow down the pace of business and wear out your devices. Let us help you put the necessary tools and training program in place to reduce the risk of rapidly growing threat.
