Cryptojacking. It sounds like a crime that might be committed in a futuristic spy thriller. But unfortunately, cryptojacking is a very real and growing threat for millions of computer users around the globe.
Cyptojacking occurs when someone's computer is secretly hijacked to mine cryptocurrency. That's another term for digital currency, like Bitcoin, that operates independently of a central bank and uses encryption techniques to regulate the generation of units and verify funds transfers.
A 2018 report by Symantec, a cybersecurity software and services company, revealed that 2017 saw “an explosion in cryptocurrency coin mining," with cryptojacking attacks increasing by an incredible 8,500 percent.
The threat to business owners from this kind of attack is not just to privacy and security but also in lost productivity — particularly if your company uses dozens, or even hundreds, of computers that are hijacked to steal their processing power without your knowledge. A large number of cryptojacked machines across a company, university or large organization can also use a substantial amount of electricity and damage thousands of dollars worth of computers.
To make matters worse, the sophistication of hackers and the growing popularity of digital currency means that attacks are likely to become more frequent. Given that reality, individuals and businesses can't afford to stay in the dark about this virulent cyber threat.
“To understand cryptojacking it's essential to understand cryptocurrency mining," said John Gomez, chief executive officer of Sensato Cybersecurity Solutions, based in New Jersey.
With digital currency, the total amount of assets (called “coins") in circulation is controlled through a process known as "mining" or "coin mining." It is done through algorithms that run complex mathematical models that are so intense you need a huge amount of computer processing power to run them, he explained.
"Like traditional mines, such as coal and diamond, the more people digging, the higher the chances of finding diamonds. So mining businesses try to find cheap labor in great numbers," he said. "Digital cryptomining is very much the same, but the mining is done via computer and it's cheap because it's stolen by using other people's computer processing power — that's cryptojacking."
In fact, cryptojacking is a form of crowdsourcing, noted Kevin Bornfleth, lead of the cyber threat intelligence center for City National Bank. “But with cryptojacking in particular, the crowd doesn't realize they're being used."
Though the future of digital currency is rife with uncertainty, at present there's a huge amount of potential profit in mining, especially when hackers minimize their own costs by secretly using other people's computers.
“The more computers miners can throw at the algorithms that produce coins, the better their returns," said Gomez. “Since they don't have to pay for your computer or your electric bill, they reap an amazingly good return. These potential profits attract individuals, organized crime groups, terrorist organizations and even nation states. There are even cryptojacking virus kits available online for as little as $30 that people could use to target their friends and family's computers."
In general, there are two main ways that a hacker gains access to your computer — either through a web browser or by installing mining malware directly on your computer, often via a malicious phishing email.
One of the most common forms of cryptojacking attacks is through a person's computer browser. In this case, you might use a search engine to search for an online store and click on a website that serves a specific advertising known as adware. Within that adware, potential malicious software could be set to take over your computer's processing power.
The malware operates while you're on that specific site and stops as soon as you leave the site. This type of mining doesn't infect your computer with a lasting virus.
The second and more permanent way cryptojackers work is by installing malware directly onto your computer. This can happen if you open an attachment or download software from what appears to be a legitimate website or a phishing email.
Once activated, this mining malware will stay on your computer and steal processing power every time you run your computer.
Your smart phone can also be a point of attack, added Bornfleth. “Public Wi-Fi is generally not very secure. You can be at a coffee shop or somewhere using the free public Wi-Fi and a hacker can inject mining software or cryptojacking code into your browser," he said. "However, phones don't have a lot of processing power, so this method isn't used as frequently."
Even if you've never heard of Bitcoin or don't invest in cryptocurrency, it's difficult to escape cryptojacking. Because hackers are interested in taking over a portion of your computer's processing power, absolutely anyone — from an individual who simply uses a computer at home to check email, to a large business with vast computer networks — can be a target.
Though a lagging PC is frustrating, for an individual, a slow computer may be nothing more than an annoyance. Companies running a significant amount of computer processing to operate their businesses are more likely to suffer the side effects of cryptojacking.
Slow systems can mean loss of productivity across the organization, and if computers are infected with malware, it can be costly to repair.
In order to protect your computer and business, consider:
While cryptojacking is likely to become more and more prevalent, using good virus protection and being smart about what emails you open and websites you visit can help minimize your chance of being a victim.
Comfort can also be taken from Gomez's observation, “If there's any good news here, it's that cryptojackers aren't going to destroy your computer - because they need it to perform at its peak to mine."
This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.