You can think of cryptojacking as a virus which pays the hacker. Cryptojacking is one of the quickest growing cyber-attacks, with reports of web-browser cryptojacking attacks rising 30% in this year alone.
No operating system is immune, so it is best to protect yourself across all your devices: PC, laptop, tablet, and smartphone. Simple steps and some common-sense precautions will help you help yourself and safeguard against cryptojacking, many of these are inexpensive and quite easy to put in place.
What is cryptojacking?
Cryptojacking is a cyber-attack which uses your computing resources to “mine” cryptocurrencies, usually without your knowledge. Cryptojacking is an offence in some countries, but it can be hard to track down the culprits, as they are often in other countries. Since some cryptocurrencies guarantee anonymity, tracing transactions through the blockchain can prove impossible.
Cryptojacking is often considered less harmful than other virus and hacking attacks, as it doesn’t directly seek to obtain personal information or sensitive data stored on the device. Instead, it uses your electricity and processing power to mine cryptocurrency for the hacker’s benefit. Your CPU, Network Traffic (bandwidth) and Memory Resources can all be affected by cryptojacking.
There may not even be any immediate or obvious signs that your device is affected by cryptojacking. Some signs you may notice occasionally are an irregular slow down, or the device becomes hotter than normal, or that the fans operate “louder” than normally to compensate for increased CPU usage. On mobile devices or laptops, cryptojacking can drain the battery quickly. Many mobile users may not be able to distinguish cryptojacking from the battery drain from other applications which continue to run as background services, providing updates on the go.
Latest cryptojacking issues around the world
For most of 2018 cryptojacking has been in the headlines around the globe. Cryptojacking kits are very inexpensive thus making them even more attractive to many hackers.
Cryptojacking generally comes in three forms:
- Exploit vulnerabilities in operating systems
- Install a miner on the device running in the background as an executable
- Web page mining via any browser in the background. Sometimes even the site owner does not know that his service has been compromised.
Cryptojackers have gotten very clever, exploiting vulnerabilities in third-party services and ad networks which do not check for cryptojacking. Even YouTube was found to be serving ads which had cryptojacking exploits embedded into their code.
Amazon’s AWS services have also been a gold mine for cryptojacking exploits, hitting Tesla’s website as well as others.
How to protect yourself from cryptojacking
Taking precautions to protect yourself from cryptojacking is just common sense, easy to do and inexpensive. If you find that your device or a web browser begins to run very slowly, you can check to see what processes are running and which are using the CPU. Figuring out exactly what is happening may be beyond the average user, so preventative is recommended. Here are some easy ways to ensure that you are doing your best to prevent cryptojacking on your machine.
First, make sure your operating system is up-to-date on a regular basis to minimize the number of known vulnerabilities. Updates are releasing regularly to shut down reported vulnerabilities – scheduling this to run at least once a week will help minimize your exposure once a fix is released. If you really need to run older versions of operating systems or any software which is no longer supported, consider how best to protect these aging resources – perhaps by taking them off the internet altogether.
Make sure your antivirus software covers cryptojacking, and make sure to keep it up-to-date and turned on. To protect yourself from cryptojacking, you should start your antivirus software every time you switch on your computer or smartphone.
Next, use a reputable browser and install an add-on to prevent cryptojacking, use internet security software, or make sure your antivirus software covers your web browser. When you click on any web link, make sure that it is the link that you want and not a “lookalike” (a web address that looks very much like the site you want but is actually a scammer’s site). Cleaning all from cookies time to time is good practice – you may also want to stop “third party” cookies and set up a block to prevent certain sites from installing cookies altogether.
Emails are a common distribution mechanism cryptojacking is, so when in doubt, use your web browser and type in the URL for the site directly rather than click the link. Even if the email looks “legit”, phishing scams are getting ever more sophisticated, often hiding the destination URL under a text “link”.
We all love new applications, so make sure you get yours from a reputable source and ensure you have antivirus software running when you download it. Not all software is available through key stores, so simply make sure that the SSL lock icon to the left of the web address is visible when you are accessing the web page.
Some sites now the opportunity to mine a “funnel” to earn coins for yourself, to support the website, or to mine for charity as a donation. We would recommend that you do not run these types of mining donations on your key computing devices because a background cryptojacker may be harder to stop it than you realize.
Summing it up
For the individual, cryptojacking as a cybercrime may not seem important. For a successful hacker, cryptojacking can mean a big payoff in the cryptocurrency of their choice. Private companies, government websites, and even cloud servers have been compromised, with tens of thousands of daily users and their computers, mobiles, and browsers being exploited.
Because most people, business, and pundits believe that the value of cryptocurrencies will rise in the medium to long-term, expect even more hackers to devote their time and energy getting “free” mining and raking in the coin for their gain. Today’s cryptojacking might seem harmless, but with the rewards at stake, hacker kits will become more sophisticated – expect to hacker’s cryptojacking kits to incorporate other ways to gain access to your personal data.