Back in the day, there was a concept called Grid Computing. Basically, a large computational task was carved up into smaller components and shared between many computing resources. A very good example is the BOINC SETI programme run by Berkeley University.
A more recent example is that of cryptocurrency mining. As with grid computing, the task of creating cryptocurrency is shared between many individual resources, and each is rewarded with a small portion of the currency created. The resources range from massive dedicated mining farms to individual desktop computers and even smartphones. The most common currency mined is Bitcoin, although many other cryptocurrencies are being mined. Websites that exchange cryptocurrency into “real” currency like dollars or Euros are also available.
However, as with many IT endeavours, mining has been hijacked by malicious hackers to exploit individual computers for their own gain – usually called crypto jacking. Bitcoin Security has joined the ranks of things alert IT technicians and desktop users need to be aware of.
Simply put, crypto jacking is the surreptitious use of someone’s computing resources to mine cryptocurrency for someone else’s benefit. It can be initiated by clicking on a link in a phishing email, leading to crypto jacking code downloading to your PC, or by visiting a website infected with a crypto jacking script which runs in your browser. The main difference is that crypto jacking via an infected website doesn’t need to store code on your PC. The downside is that mining stops when you leave that webpage.
Estimates suggest that most crypto jacking happens using web scripts, with a much smaller proportion via the traditional malware phishing and download route.
It’s not just personal or home computing. An exploit involving the Smominru botnet distributed over Russia, India, and Taiwan infected nearly half a million servers and desktops. It has been estimated to have generated cryptocurrency valued at around $3.6 million in January 2018 alone.
Although it’s in its infancy, crypto jacking is moving towards the big leagues. It’s easy to deploy, and with nothing stolen or damaged, few users bother to report it.
Although it costs individual users very little or nothing at all, crypto jacking can have real costs in the corporate environment. Help desks and technical resources need to spend time and effort identifying and countering it. Technicians may need to replace damaged equipment components.
Most of the time, users don’t notice. There is only a small drop in the performance of your PC and an increase in your data usage. The hacker certainly doesn’t want to stop your PC working, since that would stop the mining activity.
Why do hackers bother, considering that there are alternatives like ransomware which look like they could generate much more cash? Firstly, the chances of being caught are much less, and secondly, ransomware is a one-off cash payment, while crypto jacking is a continuous income stream. Infect enough computers and you have a nice regular earner. They also tend to use the less common currencies rather than the popular Bitcoin or Ethereum, since they are more difficult to track back to the hacker.
Bitcoin Security is an arm of overall PC security that counters crypto jacking.
The first step in Bitcoin Security is awareness. If you are in a corporate or small business environment, let your users know about it, how they can detect it, and how they can stop it.
Currently, most crypto jacking exploits arrive as phishing emails inviting you to click on a link. Some apparently legitimate websites are also infected with crypto jacking scripts. To minimise all malware threats, not just crypto jacking, don’t click on obviously phishing links and beware of seemingly legitimate websites with odd-looking invitations to click.
How do you notice it, since most of the time your PC seems unaffected, apart from a performance drop? One big indication is your CPU always running at 100% even when the PC is seemingly idle. Sometimes the cooling fan fails through overuse, the CPU temperature rises dramatically, and your PC unexpectedly switches off.
In the corporate environment, be alert for increased user complaints about slow systems, hot running machines, and unexplained computer failures. Network monitoring software can also help by detecting particular types of web traffic associated with crypto mining.
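Added example, not part of the original article: one kind of check network monitoring can apply is to look for the JSON-RPC requests that mining clients send to a pool using the public Stratum protocol. The function names, hosts, addresses and wallet placeholders below are constructed for illustration.

```python
import json
from collections import defaultdict

# Request methods sent by Stratum mining clients ("mining.*" family).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
# Monero-style Stratum uses generic method names, so also require the
# parameter keys a miner sends before counting them.
MONERO_STYLE = {"login": {"login", "pass"}, "submit": {"job_id", "nonce", "result"}}

def classify_payload(line):
    """Return the mining method named in one JSON-RPC line, or None."""
    try:
        msg = json.loads(line)
    except ValueError:  # not JSON at all (e.g. an HTTP request line)
        return None
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        return None
    method, params = msg["method"], msg.get("params")
    if method in STRATUM_METHODS:
        return method
    required = MONERO_STYLE.get(method)
    if required and isinstance(params, dict) and required.issubset(params):
        return method
    return None

def find_mining_hosts(flows, min_hits=2):
    """Map each source host to destinations it sent >= min_hits mining requests to."""
    hits = defaultdict(lambda: defaultdict(list))
    for src, dst, payload in flows:
        for line in payload.splitlines():  # Stratum is newline-delimited JSON
            method = classify_payload(line.strip())
            if method:
                hits[src][dst].append(method)
    report = {}
    for src, dsts in hits.items():
        flagged = {dst: m for dst, m in dsts.items() if len(m) >= min_hits}
        if flagged:
            report[src] = flagged
    return report

# Constructed sample flows: (source host, destination, plaintext TCP payload).
SAMPLE_FLOWS = [
    ("10.0.4.17", "pool.example.net:3333", '{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n{"id":2,"method":"mining.authorize","params":["WALLET_PLACEHOLDER.worker1","x"]}'),
    ("10.0.4.17", "pool.example.net:3333", '{"id":4,"method":"mining.submit","params":["WALLET_PLACEHOLDER.worker1","job1","00000000","5f000000","00000001"]}'),
    ("10.0.7.52", "xmr.example.org:4444", '{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"constructed-agent/0.0"}}'),
    ("10.0.7.52", "xmr.example.org:4444", '{"id":2,"jsonrpc":"2.0","method":"submit","params":{"id":"1","job_id":"7","nonce":"00000000","result":"00"}}'),
    ("10.0.9.3", "intranet.example.com:8080", '{"id":9,"method":"login","params":{"user":"alice"}}'),  # ordinary app login
    ("10.0.9.3", "intranet.example.com:8080", "GET / HTTP/1.1"),
]

if __name__ == "__main__":
    for host, dests in find_mining_hosts(SAMPLE_FLOWS).items():
        print(host, dests)
```

Payload matching only sees unencrypted traffic; for encrypted connections, fall back on the destination-based web filtering lists the article recommends.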
At the desktop level, make sure your malware prevention software is up to date and has the anti-crypto jacking component activated. Most freeware anti-virus applications don’t have one. A better bet is to install anti-crypto jacking extensions in your browser. Ad blockers also help, as scripts can be delivered using web advertisements. In the corporate environment, keep your web filtering lists up to date and include websites found to be infected with crypto jacking scripts.
Second, make sure that your browser security settings don’t allow running of untrusted and unsigned scripts. If you suspect that a browser tab is running a crypto jacking script, terminate it, and don’t go to that web location again.
Eternal vigilance is the price of security.