One of the key features of the 2018 cybercrime landscape was the rapid rise in cryptojacking due to the spike in cryptocurrency values. A classic case of cybercriminals following the money. But what is cyber crime when we talk about cryptojacking?
Cryptocurrency basics
In order to understand cryptojacking we need to know a bit about cryptocurrencies and how they work. You’ve certainly heard of Bitcoin, probably the best-known cryptocurrency, but there are lots of others too.
These currencies work using a technology called ‘blockchain’. This works by adding all transactions in the currency to a digital ledger. In order to verify the transactions in the blockchain ledger, a series of complex mathematical calculations need to be carried out. This is a process known as ‘mining’ and completing a successful blockchain calculation earns the miner a reward in the form of a small amount of the currency in question.
Mining can therefore be a lucrative activity, but it requires substantial computing power. This means that the cost of electricity used, the internet connection and the computing hardware can wipe out the earnings.
Step forward the cryptojackers
So what is cyber crime doing to get involved in this? As is often the case, cyber-criminals have spotted a money-making opportunity in the world of currency mining. This involves installing mining software on a computer without the user’s consent to steal their computing power.
Originally, this meant installing a virus on the machine but recent techniques have become more sophisticated. The latest method is to use JavaScript that runs in the user’s browser when they visit a compromised website. This may be a site created by the cyber-criminal or a mainstream site that they have modified. They may not even need to attack the site directly in order to do this. There have been cases of cryptojacking software being distributed on advertising networks. This means that it can appear even on legitimate sites as site owners don’t usually have control over which adverts are shown.
Once a machine has been cryptojacked and is running the software, it may be recruited into a botnet of other hijacked machines in order to expand the processing power available. The first and end user is likely to know of a cryptojacking attack is a slow down in the performance of their computer.
Preventing cryptojacking
There are several things you can do to ensure that your machine doesn’t get cryptojacked. First of all, you should consider installing an ad-blocking extension in your web browser. There are also some extensions that are designed specifically to detect and block mining scripts. In addition, you should make sure that your antivirus software is up to date as this can help guard against cryptojacking.
Businesses should install a device management solution on their mobile devices in order to control what software can be run. They should also update their user awareness training to allow the signs of a hijacked machine to be spotted – simple indications such as extra fan noise because the processor is working harder, for example.
