Cryptojacking. It sounds like a crime that might be committed in a futuristic spy thriller. But unfortunately, cryptojacking is a very real and growing threat for millions of computer users around the globe.
Cryptojacking occurs when someone's computer is secretly hijacked to mine cryptocurrency. Cryptocurrency is another term for digital currency, like Bitcoin, that operates independently of a central bank and uses encryption techniques to regulate the generation of units and verify funds transfers.
A 2018 report by Symantec, a cybersecurity software and services company, revealed that 2017 saw "an explosion in cryptocurrency coin mining," with cryptojacking attacks increasing by an incredible 8,500 percent.
The threat to business owners from this kind of attack is not just to privacy and security but also to productivity — particularly if your company uses dozens, or even hundreds, of computers that are hijacked to steal their processing power without your knowledge. A large number of cryptojacked machines across a company, university or large organization can also use a substantial amount of electricity and damage thousands of dollars' worth of computers.
To make matters worse, the sophistication of hackers and the growing popularity of digital currency mean that attacks are likely to become more frequent. Given that reality, individuals and businesses can't afford to stay in the dark about this virulent cyber threat.
"To understand cryptojacking it's essential to understand cryptocurrency mining," said John Gomez, chief executive officer of Sensato Cybersecurity Solutions, based in New Jersey.
With digital currency, the total amount of assets (called "coins") in circulation is controlled through a process known as "mining" or "coin mining." It is done through algorithms that run complex mathematical models that are so intense you need a huge amount of computer processing power to run them, he explained.
"Like traditional mines, such as coal and diamond, the more people digging, the higher the chances of finding diamonds. So mining businesses try to find cheap labor in great numbers," he said. "Digital cryptomining is very much the same, but the mining is done via computer and it's cheap because it's stolen by using other people's computer processing power — that's cryptojacking."
"In a way, cryptojacking is a form of crowdsourcing," said Brent Kennedy, manager of cyber risk at City National Bank. "Because it takes such a massive amount of computer processing energy to do the calculations required to make a single coin, hackers want to take over as many computer systems as possible to create a kind of crowdsourcing farm."
"The difference is," noted Kevin Bornfleth, lead of the cyber threat intelligence center for City National Bank, "with cryptojacking, the crowd doesn't realize they're being used."
Though the future of digital currency is rife with uncertainty, at present there's a huge amount of potential profit in mining, especially when hackers minimize their own costs by secretly using other people's computers.
"The more computers miners can throw at the algorithms that produce coins, the better their returns," said Gomez. "Since they don't have to pay for your computer or your electric bill, they reap an amazingly good return. These potential profits attract individuals, organized crime groups, terrorist organizations and even nation states. There are even cryptojacking virus kits available online for as little as $30 that people could use to target their friends and family's computers."
In general, there are two main ways that a hacker gains access to your computer — either through a web browser or by installing mining malware directly on your computer, often via a malicious phishing email.
"The most common form of cryptojacking attack is through a person's computer browser," explained Kennedy. For example, you could be shopping for a new pair of shoes and use Google to search for an online store. You may end up on a website with a lot of advertising served up by software known as adware. Within that adware and those advertisements, potentially malicious software could be lurking, ready to take over your computer's processing power. While you are browsing that site, the malware runs in the background doing the mining calculations. As soon as you leave the site, the cryptojacking stops. That kind of mining doesn't infect your computer with a lasting virus.
The second, and more permanent, way cryptojackers work is by installing malware directly onto your computer. This can happen if you open an attachment or download software from a legitimate-looking website or a phishing email. That mining malware will then stay on your computer and steal your processing power every time you run your computer, said Kennedy.
"Overall, this kind of lasting attack isn't common. What we see most often is drive-by hacking. Nothing is permanently loaded on your computer, and hackers are only using your computer while you have your browser open."
Your smartphone can also be a point of attack, said Bornfleth. "Public Wi-Fi is generally not very secure. You can be at a coffee shop or somewhere using the free public Wi-Fi and a hacker can inject mining software or cryptojacking code into your browser," he said. "However, phones don't have a lot of processing power, so this method isn't used as frequently."
Unfortunately, it's hard to know with absolute certainty when your computer is being used by hackers for mining. Sometimes, a significant slowdown in your computer can be a sign that someone is using your computer surreptitiously. Your virus protection software may detect malware, but cryptojackers often have advanced computer tech knowledge and can continuously devise new cryptojacking code that evades detection.
"It's difficult to tell when you've been a victim of cryptojacking. Not all malicious code is detectable by antivirus software," noted Kennedy. "Smart hackers will only try to use your computer when you don't need a lot of processing power, which makes mining hard to detect."
Even if you've never heard of Bitcoin or don't invest in cryptocurrency, it's difficult to escape cryptojacking. Because hackers are interested in taking over a portion of your computer's processing power, absolutely anyone — from an individual who simply uses a computer at home to check email, to a large business with vast computer networks — can be a target.
Though a lagging PC is frustrating, for an individual, a slow computer may be nothing more than an annoyance. Companies running a significant amount of computer processing to operate their businesses are more likely to suffer the side effects of cryptojacking. Slow systems can mean loss of productivity across the organization, and if computers are infected with malware, it can be costly to repair.
"My top piece of advice to protect your computer is to avoid unfamiliar websites, links and emails. Those are the main route of attack for mining hackers," said Kennedy. "Good virus protection software is also important. And there are browser extensions like Chrome's minerBlock and other ad-blocking add-ons that will help protect your computer. Also, be vigilant with any freeware you're thinking of downloading because it often doesn't go through a vetting process, so you don't know who created it or whether or not they put mining code in the background."
While cryptojacking is likely to become more and more prevalent, using good virus protection and being smart about what emails you open and websites you visit can help minimize your chance of being a victim. Comfort can also be taken from Gomez's observation, "If there's any good news here, it's that cryptojackers aren't going to destroy your computer - because they need it to perform at its peak to mine."
This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.