If you think you’ve been consuming web content for free without signing up for a subscription or by disabling ads, you could be in for a big surprise. As it turns out, some websites make you pay for your use whether you’re agreeable to it, or even aware of it. How exactly? By employing cryptojacking, the latest malware fad to hit unsuspecting victims everywhere. Cryptojacking is defined as the unauthorized use of computing resources for the purpose of mining cryptocurrency.
Why cryptojacking is on the rise
Bitcoin, currently the most widely-circulated of these digital currencies, reached a record high value of more than $19,000 (per coin) last December 2017. It has been on the decline since then, presently valued at roughly $6,000.00.
These prices are nothing to scoff at, especially since malicious actors can get away with mining cryptocurrencies for free. Despite heavy fluctuations in value, the cryptocurrency market isn’t going away any time soon.
It’s therefore no surprise that cryptocurrency mining scripts have been making the rounds across thousands of websites. As an illicit means of generating revenue, cybercriminals have found cryptojacking to be a worthy alternative to ransomware because it’s easier to deploy, requires no interaction with the victims, and can remain undetected for a long time.
How cryptojacking works
There is no central bank that mints these virtual currencies like your regular banknotes and coins. Instead, cryptocurrencies are generated or mined when a computer solves complex math puzzles, adding to the constantly growing “blockchain,” essentially infinite bits of decentralized information. The hardware that contributed to the transaction gets a sort of miner’s fee in the form of that block’s coin.
While a detailed explanation of blockchain technology and cryptomining merits a separate article altogether, suffice it to say that mining for cryptocurrency can be a very profitable endeavor. To have a computer perform cryptomining in secret, hackers deploy one of two ways: by loading cryptomining code onto the victim’s computer, or by injecting a mining script on a website or an ad that circulates in numerous websites.
In the first method, the hacker relies on phishing techniques to load the code into a target computer. The owner receives a legitimate appearing email and is encouraged to click the link to initiate or complete a certain process. Instead of the expected transaction, the victim unwittingly installs a program that secretly mines digital currencies.
Using JavaScript on a website as described in the second method is commonly referred to as in-browser cryptojacking. There’s really no getting around it because as soon as you load a page, the mining code begins to run. No opt-ins are required, and no installations are needed.
While websites most often deploy in-browser cryptojacking to earn the money they can’t generate with just online advertising, hackers usually make use of both methods to maximize their earning potential.
Should you be worried about?
It’s worth noting that unlike other security threats, cryptojacking doesn’t cause any obvious and immediate damage to the host computer or to the data stored therein. Once cryptojacking scripts get to work however, they do affect the computer’s performance adversely by hijacking processing power.
Over time, the constant and intense mining can eventually take its toll on the victim’s device, not to mention driving up one’s electricity bill. According to a widely-cited website that tracks relevant cryptocurrency developments, the electricity used in a single Bitcoin transaction could power about 30 US households for a day. Other examples liken it to energy that could boil 36,000 water-filled kettles. Note that these comparisons are solely for Bitcoin transactions which are known to demand the most high-powered computing resources.
Falling victim to cryptojacking schemes is something that should be cause for concern. The degree to how much this affects the victim however, depends on the amount of processing power one actually contributes. For the average computer user, having a slower computer and a slightly higher electric bill, could be no more than a minor annoyance or even considered a fair trade for being able to access free content.
For an organization with numerous devices connected to their network, the collective illegal usage of company devices could add up to a significant amount of resource and power costs. The lowered productivity for employees who are bogged down by poorly-performing computers, and the added manpower costs for IT personnel who need to track down and troubleshoot the performance issues should also be considered. Of course, the primary concern is the unauthorized usage of your property and the potential for more malicious malware being installed.
If you’d like to learn about how our DNS Security Solutions can help identify and prevent cryptojacking, visit us at http://www.defintel.com