Cryptojacking – where cybercriminals hijack CPU power and electricity from unsuspecting computer users to mine cryptocurrencies – can cripple a company’s network, increasing their costs and reducing productivity, warns Fernando Serto, Head of Security Technology and Strategy at Akamai Technologies (APAC).
“The idea behind crypto mining on end user devices was originally conceived as a way to offset declining ad revenue on high traffic websites due to ad blockers,” Serto told Dynamic Business.
“Legitimate cryptocurrency mining services, such as Coinhive, will typically throttle the CPU usage to avoid impacting performance of other applications. However, cybercriminals are greedy. They want to get the best out of infected machines, so they run malware-based cryptojacking scripts designed to use as much CPU as possible. This allows them to mine cryptocurrencies as fast as possible while victims are browsing infected websites.
“Cryptojacking can result in a loss of productivity for companies due to slow and unresponsive systems, an increase in application crashes and even outages. In addition, it can lead to a costly spike in energy consumption, and sometimes scripts are run so intensely that it results in true damage to devices – for example, the Loapi crypto mining malware running on certain Android devices.”
Asked if there are any obvious warning signs that a company’s network is being cryptojacked, Serto replied: “Typically, if you notice high CPU usage, for example, you can hear the fans spinning when the only open application is a browser, and that can cause slowness/unresponsiveness on the device. That said, it can be difficult for companies, especially those with large networks, to attribute spikes in CPU usage to cryptomining.”
Serto said the challenges associated with cryptojacking have been compounded by the rise of anonymous cryptocurrencies such as Zcash and Monero, the latter being a well-known cryptocurrency to mine due to its very low compute capacity requirements.
“When Bitcoin proved to be not-so-anonymous, cybercriminals switched their preference to anonymous coins like Monero and Zcash,” he explained. “Bitcoin is based on a public ledger, with every single transaction out there for everyone to see. Conversely, new cryptocurrencies like Monero and Zcash hide the sender, recipient and amount of each transaction made, affording cybercriminals who engage in cryptojacking greater privacy.”
Noting that crypto miners are being brought into companies via malware, Serto said company operators need to ask themselves ‘what else is that malware doing?’.
“Cryptojacking on its own can impact productivity, systems performance, but doesn’t necessarily lead to loss of data or a potential breach,” he explained. “However, as malicious hackers are consistently looking for new attack vectors, the last thing we want is to leave an additional door open.”
Serto said a simple way for companies to mitigate the risk of cryptojacking is implementing a Domain Name System (DNS) security solution capable of blocking access to crypto mining scripts – “Typically, the amount of work involved to implement a DNS security solution is minimal and should only take a few minutes”.
In addition, Serto recommended companies:
- Implement a very strict patching policy to prevent criminals from being able to exploit further vulnerabilities on end user devices.
- Undertake a review of their backup policies.
- Review the security on their websites or any application exposed on the internet to ensure they don’t end up serving illegal crypto mining scripts either.
- Seek ongoing education about the cybersecurity landscape and stop viewing security as a cost (“It’s honestly difficult for companies to identify an ROI if they don’t grasp the impact an attack would have on their environment”).
“Ultimately, it is important for companies to grasp the landscape, and grasp and mitigate a potential hazard to their company,” Serto said. “For example, Akamai IT made a judgment to block crypto miners over all of our devices by blocking access at the DNS layer. This means crypto miners such as Coinhive are blocked from our company-issued devices and devices connected to wi-fi in any of our offices.”
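The DNS-layer blocking described above comes down to matching each queried name, label by label, against a list of mining domains. The sketch below is an added example, not code from the article or from Akamai; the blocklist, the log format and every log line are constructed for illustration, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed blocklist: Coinhive is the only miner named in the article;
# the second entry is a placeholder.
BLOCKLIST = {"coinhive.com", "miner-pool.example"}

# Constructed resolver log, assumed format: "<timestamp> <client> <qtype> <qname>"
SAMPLE_LOG = """\
2018-06-01T09:00:01Z 10.0.0.15 A www.example.org.
2018-06-01T09:00:02Z 10.0.0.15 A coinhive.com.
2018-06-01T09:00:03Z 10.0.0.22 A WS001.CoinHive.com
2018-06-01T09:00:04Z 10.0.0.22 AAAA notcoinhive.com.
2018-06-01T09:00:05Z 10.0.0.31 A coinhive.com.evil.example.
2018-06-01T09:00:06Z 10.0.0.22 A ws001.coinhive.com.
malformed line
"""

def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def blocked_by(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry covering qname, or None.

    Matching is on whole labels from the right, so subdomains of a listed
    domain match, but look-alikes such as 'notcoinhive.com' or
    'coinhive.com.evil.example' do not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def flag_clients(log_text, blocklist=BLOCKLIST):
    """Map each client IP to the sorted blocked names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:  # skip lines that do not fit the assumed format
            continue
        _, client, _, qname = parts
        if blocked_by(qname, blocklist):
            hits[client].add(normalize(qname))
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_LOG).items():
        print(client, names)
```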