The growing global acceptance of cryptocurrency has caught the attention of cyber attackers. Lack of government regulations and no traceability have made cryptocurrency a favorite money laundering medium among cybercriminals. This love for cryptocurrency also yielded cryptojacking, a silent attack in the world of crypto crime.
Cryptojacking surged in popularity during the late part of 2017, when Bitcoin prices reached a record high of $20,000. By 2021, cryptojacking incidents costing 97.1 million were recorded, according to the 2022 SonicWall Cyber Threat Report.
The debut of Coinhive's cryptomining code in 2017 encouraged website owners to start browser mining with visitors' consent. Even UNICEF Australia deployed it in 2018 to collect donations. However, this ethical aid soon turned into a problem when hackers figured out a way to infect computer resources with easy-to-deploy JavaScript cryptomining code. Often, this type of attack goes unnoticed for a long time. Cryptojacking degrades the processing power of servers quietly and slowly from the inside, and users may not even be aware it's happening.
In comparison to ransomware attacks, effectively carrying out cryptojacking is a cakewalk for attackers. While ransomware is a one-time attack targeting organizational data and disrupting operations, cryptojacking is less dangerous to organizations in terms of stolen data and tends to be carried out over the long term. Hackers can earn millions by mining cryptocurrency using unauthorized computer resources.
Cloud instances are easy targets because of their ability to keep expanding regardless of CPU capacity. More infected instances mean faster mining processes and more currency created. Threat actors will first establish access to the network and then infiltrate further. According to a 2021 cybersecurity report from Google, 86% of hacked cloud instances were used for cryptocurrency mining.
There was a time when ransomware used to dominate cybercrime. Today it's compelling to witness ransomware rapidly vanishing and cryptocurrency mining starting to take its place.
Once a mining script is injected by malware and the device is hijacked, there's no turning back. In most cases, it is difficult to diagnose what's causing the symptoms of the infected devices, such as system crashes, slow performance, or overheating. Phishing scams were traditionally used to hijack victims' computers and install mining scripts such as Coinminer and XMRig. Modern attacks are more sophisticated and use fileless malware that runs only in a system's memory.
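One way to triage the symptoms described above, shown as an added example that is not part of the original article: it flags processes whose name or command line contains a miner name the article mentions, and also processes that hold high CPU across consecutive polls, which is the only signal left when a miner is renamed or runs filelessly. The sample data, the 80% threshold and the three-interval window are assumptions chosen for illustration.

```python
from collections import defaultdict

# Miner names taken from the article; matched case-insensitively.
MINER_NAMES = ("xmrig", "coinminer")

# Constructed samples, one row per process per polling interval:
# (interval, pid, process name, command line, CPU percent)
SAMPLES = [
    (0, 410, "nginx", "nginx: worker process", 12.0),
    (1, 410, "nginx", "nginx: worker process", 91.0),  # single burst
    (2, 410, "nginx", "nginx: worker process", 9.0),
    (0, 515, "tar", "tar czf /backup/home.tgz /home", 88.0),
    (1, 515, "tar", "tar czf /backup/home.tgz /home", 85.0),
    (2, 515, "tar", "tar czf /backup/home.tgz /home", 20.0),
    (3, 515, "tar", "tar czf /backup/home.tgz /home", 90.0),
    (0, 733, "kworkerd", "/tmp/.cache/XMRig", 96.0),   # renamed binary
    (1, 733, "kworkerd", "/tmp/.cache/XMRig", 97.0),
    (2, 733, "kworkerd", "/tmp/.cache/XMRig", 95.0),
    (0, 902, "python3", "python3 -", 94.0),            # nothing on disk to name-match
    (1, 902, "python3", "python3 -", 95.0),
    (2, 902, "python3", "python3 -", 93.0),
]

def triage(samples, cpu_threshold=80.0, min_consecutive=3):
    """Return {pid: sorted reasons} for processes worth investigating."""
    by_pid = defaultdict(list)
    for interval, pid, name, cmdline, cpu in sorted(samples):
        by_pid[pid].append((interval, name, cmdline, cpu))

    findings = {}
    for pid, rows in by_pid.items():
        reasons = set()
        run, longest, last_hot = 0, 0, None
        for interval, name, cmdline, cpu in rows:
            if any(m in f"{name} {cmdline}".lower() for m in MINER_NAMES):
                reasons.add("known miner name")
            if cpu >= cpu_threshold:
                # The run only grows when the previous hot sample was the adjacent interval.
                run = run + 1 if last_hot == interval - 1 else 1
                last_hot = interval
                longest = max(longest, run)
        if longest >= min_consecutive:
            reasons.add("sustained high CPU")
        if reasons:
            findings[pid] = sorted(reasons)
    return findings

if __name__ == "__main__":
    for pid, reasons in sorted(triage(SAMPLES).items()):
        print(pid, ", ".join(reasons))
```

Legitimate batch jobs also hold high CPU for long periods, so a "sustained high CPU" hit is a prompt to inspect the process, not a verdict.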
The presence of a mining script in an organization's devices is an indicator of a weak security posture. If cryptojackers can crack the organization's security perimeter to inject malicious mining code, attackers could target those same vulnerabilities to carry out other types of attacks.
To mitigate such threats, IT security teams can leverage the following tools and practices to maintain sound cyber hygiene:
Cryptojacking might not cause serious damage to the organization's data. However, the mere theft of resources, piled up over time, can negatively affect an organization's network performance and the productivity of its teams. This is why it's always better to take precautions early to avoid attacks like these altogether; as the saying goes: Prevention is better than a cure.