The Cryptojacking Boom May Be Over, but the Threat Remains

Cryptocurrency was a major topic in 2018 on a number of fronts. Although the public at large may not understand the technology behind cryptocurrency, they eagerly consumed the news of its skyrocketing rise in value through 2017. Unfortunately, there was a 90 percent crash in cryptocurrency value the following year. This naturally caused financial stress for those who got in at the peak of the boom. This boom-bust cycle is typical of these gold rush events. But the consequences of cryptocurrency mania are more than just financial. While these fortune-seeking cycles attract many enterprising people, they also attract some corrupt individuals whose aim is to use sinister means to obtain their fortunes.

Generating Income from Cryptocurrencies

There are two ways to make money from cryptocurrencies. The first is to invest, which carries a high degree of risk. The second is to mine, and unlike traditional mining, this doesn’t require you to get your hands dirty. Cryptocurrency is based on a technology called blockchain. The blocks contain transaction data that form a public ledger and then blockchains are created by miners. To create a blockchain, a miner must solve computationally intensive cryptographic hash functions using powerful computer systems.

So how does a miner access this type of computing equipment? There are a few ways. One can make a significant CAPEX investment to purchase it, which is, of course, very expensive. One can also rent compute power from cloud services, but again, this is very costly. And finally, there is the solution preferred by nefarious miners: they compromise your system and use it for free. Although one computer system by itself is likely insufficient, the combination of many compromised devices will do the job.

Mining Robots

Essentially, a malevolent miner hijacks your computer in one of two ways and makes it a mining robot. The first way is to use cryptocurrency mining malware. According to the cybersecurity company McAfee, coin mining malware increased by 4,000 percent between the third quarter of 2017 and the third quarter of 2018. Like other malware, these malicious code strains are primarily delivered through email phishing attacks, although recent strains have taken advantage of the EternalBlue vulnerability found within Windows devices. Often, the infestation of one type of malware invites the companionship of others, such as keyloggers or the Emotet banking Trojan. As one might expect, bad guys hang out with other bad guys.

Cryptojacking and Coinhive

But malware isn’t the only way to conscript your computer into the mining business. The second way is through cryptojacking, a technique that only requires the injection of JavaScript code into the webpages of a popular website. The code hijacks the web browser sessions of unsuspecting users and exploits the computer’s resources. Most often, the user is unaware of what is going on. In fact, your web browser doesn’t even have to be open once the initial web session is compromised.

One thing to note about cryptojacking, however: criminals aren’t the only ones doing it. In 2017 Coinhive.com released its own mining code, pitching it as a way for site owners to earn an income without running intrusive or annoying advertisements. Owners of participating websites voluntarily inject the required JavaScript code into their websites. At one time last year, more than 50,000 websites were using Coinhive. It is an interesting strategy, but participation in the Coinhive program is decreasing due to the 2018 crash of cryptocurrencies. An arrest made in Japan last year for exploiting the Coinhive library may also have contributed.

Combating These Threats

So, how do you know if your computer is involuntarily mining cryptocurrency? Well, your performance is sluggish at best, and most likely anemic. While you can achieve temporary relief from performance paralysis by terminating the mining process in your task manager, this is an exercise in futility. Once a machine is infected by any malware, cleansing it after the fact is very difficult at best and not guaranteed to succeed.

As for cryptojacking, using a safe browsing service or web filter solution can block cryptojacking deployment sites. Of course, keeping all your devices fully patched and up to date plays a huge role in prevention, as well as an email filtering solution that incorporates malware filtering or advanced threat protection. Many companies are also turning to the practice of application whitelisting or software restriction policies to ensure that only approved “good activity” is allowed on enterprise devices.
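
The script-injection technique described under "Cryptojacking and Coinhive" and the filtering and whitelisting defenses above can be combined into a simple page audit. The following is an added example, not code from the article or from any product it mentions: it lists every external script a page loads and flags hosts on a miner blocklist or missing from an approved list. The host names other than coinhive.com, the script paths and the sample page are constructed assumptions.

```javascript
// Added example: audit the <script src> references of a page.
// Blocklist entry comes from the article; everything else is constructed.
const MINER_HOSTS = ["coinhive.com"];
const APPROVED_HOSTS = ["www.example.test", "cdn.example.test"]; // hypothetical allowlist
const PAGE_URL = "https://www.example.test/index.html";          // hypothetical page

// Constructed sample page: two approved scripts, one miner, one unknown third party.
const SAMPLE_PAGE = `
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.test/lib.js"></script>
<script async src='//coinhive.com/lib/miner.js'></script>
<script src="https://static.thirdparty.test/widget.js"></script>
</head></html>`;

// Blocklist match covers the listed domain and any subdomain of it.
function isMinerHost(host) {
  return MINER_HOSTS.some((h) => host === h || host.endsWith("." + h));
}

// Return one finding per external script: { src, host, verdict }.
function auditScripts(html, pageUrl) {
  const findings = [];
  // Handles double-quoted, single-quoted and unquoted src attributes.
  const tagRe = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = m[1] ?? m[2] ?? m[3];
    let host;
    try {
      // Resolves relative and protocol-relative (//host/x.js) references.
      host = new URL(src, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ src, host: null, verdict: "unparseable" });
      continue;
    }
    let verdict = "unapproved";               // default deny: not on the allowlist
    if (isMinerHost(host)) verdict = "miner"; // blocklist wins over allowlist
    else if (APPROVED_HOSTS.includes(host)) verdict = "approved";
    findings.push({ src, host, verdict });
  }
  return findings;
}

// Print only the scripts that need attention.
console.log(auditScripts(SAMPLE_PAGE, PAGE_URL).filter((f) => f.verdict !== "approved"));
```

The "unapproved" verdict applies the whitelisting idea to script sources: anything not explicitly approved is surfaced for review even when it is not on the blocklist.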

The Good News

As the general public’s fascination with the cryptocraze is waning, hackers also have lost interest in mining attacks. This doesn’t mean we are in the clear by any means. Instances of new malware strains such as NRSMiner are already being reported. So while the craze may be over, the threat remains.

Jeremy Moskowitz

Jeremy Moskowitz founded PolicyPak Software after working with hundreds of customers with the same problem: they couldn’t manage their applications, browsers and operating systems using the technology they already utilized. Jeremy’s best-selling Group Policy books are on the desks of happy administrators everywhere. Jeremy was one of the first MCSEs in the world and has been designated an MVP in Group Policy by Microsoft for the last decade.
