IT Security Guru

Why every CISO should be worried about ‘cryptojacking’

by The Gurus
May 25, 2018
in This Week's Gurus

Tyler Moffitt, Senior Threat Research Analyst at Webroot

Last year saw an unprecedented rise in the popularity of cryptocurrency, as the value of the currency soared across the market. In September 2017, CoinHive debuted JavaScript code to mine the cryptocurrency Monero, as an alternative means for website owners to generate revenue without using ads. Visitors to the site would opt into mining Monero using the power of their CPU. However, cybercriminals keen to monetise the trend have also recognised the potential rewards associated with cryptomining. As a result, we have seen an increase in ‘cryptojacking’, where the victim’s CPU power is used to mine cryptocurrency from hijacked websites. In the last eight months, there have been more than 5,000 websites that were compromised to mine Monero through CoinHive. In sharp contrast to the more familiar threats like ransomware, ‘cryptojacking’ offers a low-risk, anonymous and profitable alternative attack vector where users aren’t even aware they have been attacked.

The benefits of cryptomining

Legitimate cryptomining is not considered dangerous as it does not pose a direct threat to files. To be profitable and efficient, specialised computers with enough processing power are utilised. Website owners who implement CoinHive’s JavaScript code to mine will generate income whenever users visit their sites. For websites with high traffic, the amounts generated can add up fast and be used to pay for server costs. However, this money doesn’t come out of thin air. Users will still be paying for it through CPU usage and the costs are reflected in their energy bills. These amounts tend to be very low due to the inefficiencies associated with cryptomining via a consumer computer, so the overall cost to each consumer tends to be negligible.

Rise of ‘cryptojacking’

Cybercriminals have learned to take advantage of this mechanism and will hijack websites to host scripts that pay into their own Monero wallets. Unlike attacks such as ransomware, there is no malware delivered and users are unaware that their machines have been recruited to mine when they visit the website. They may experience slower browsing speeds, but on newer machines this may go unnoticed. This ignorance allows the practice to go on for extended periods of time without detection and offers very low risk to the criminal, as Monero has the best mining performance on home user CPUs. It also has a private blockchain ledger that prevents tracking of transactions, giving criminals anonymity, and the Monero can then be traded for Bitcoin. However, the practice is not without risk to equipment. Mobile devices that browse these sites can suffer physical damage due to heat. CPU chips can burn out and batteries can bulge, become unstable and dangerous.

The lurking insider threat

In addition to cybercriminals, CISOs need to be concerned about employees who may inadvertently pose a threat to the company. The financial gains associated with mining cryptocurrency have not escaped the imagination of tech-savvy employees, who may use company laptops to mine Monero in the workplace. This may generate a few cents per day for the employee, but cost the company significantly more in terms of processing power. These costs are then reflected in increased energy bills and it can be difficult to identify the culprits. Employees may not have malicious intentions, but due to lack of education and understanding of the risks, their actions can have negative consequences for the business.

Education and blocking scripts are the best defence

The incentive for CoinHive to ensure that their scripts aren’t being used by malicious actors is unfortunately quite low, as they receive 30% of the mining profits regardless. As a means of safeguarding the practice, they have implemented ‘mandatory’ opt-ins (hosted by CoinHive rather than the website owner), without which the miner is unable to act. However, cybercriminals seem to have found methods to suppress or circumvent the opt-in, so compromised sites won’t necessarily prompt visitors to accept terms or make them aware. In addition, there are more surreptitious methods emerging every day, allowing ‘cryptojacking’ sites to evade user detection, such as hiding pop-up windows under task bars.

The only way to stay one step ahead of ‘cryptojacking’ is by implementing a comprehensive and multipronged approach which combines intelligent technology layered with employee education. Software can be used to block sites which run CoinHive scripts as well as any CoinHive copycats, such as the nearly identical Crypto-Loot service. In addition, web browser extensions such as Adblock Plus can be used with personalised filters. For more advanced control, extensions like uMatrix will offer more flexibility over which scripts, iframes, and ads to block. However, technology itself isn’t a silver bullet and employees should be made aware of the ramifications of their actions and be discouraged from practicing cryptomining.
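As an added example (not from the article or from any vendor's product), the following Node.js function shows the kind of check that script-blocking software performs: it scans HTML a defender already holds for script includes and inline calls that reference CoinHive or Crypto-Loot. The hostnames, the `CoinHive`/`CryptoLoot` object names and the sample page are assumptions or constructed for illustration.

```javascript
// Added example: flag browser-miner references in HTML the defender already holds
// (a crawl of the organisation's own sites, or pages captured at a web proxy).

// Assumption: blocklist built from the services' public domains, not from the article.
const MINER_HOSTS = ['coinhive.com', 'coin-hive.com', 'authedmine.com', 'crypto-loot.com'];
// Assumption: global object names exposed by the CoinHive and Crypto-Loot libraries.
const MINER_API = /\b(CoinHive|CryptoLoot)\s*\.\s*\w+/;

// Match the host itself or any subdomain, but not look-alikes such as notcoinhive.com.
function matchHost(hostname) {
  const host = hostname.toLowerCase();
  return MINER_HOSTS.find(h => host === h || host.endsWith('.' + h)) || null;
}

function scanHtml(html, pageUrl) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      try {
        // Resolving against the page URL handles relative and protocol-relative src values.
        const url = new URL(src[1] ?? src[2] ?? src[3], pageUrl);
        const host = matchHost(url.hostname);
        if (host) findings.push({ type: 'external-script', host, detail: url.href });
      } catch (e) { /* unparseable src value: nothing to report */ }
    }
    const api = MINER_API.exec(body);
    if (api) findings.push({ type: 'inline-api', host: null, detail: api[0] });
  }
  return findings;
}

// Constructed sample page (not a real capture); the site key is a placeholder.
const SAMPLE_PAGE = `<html><head>
<script src="/js/app.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>
<script src="https://notcoinhive.com/lib.js"></script>
</head></html>`;

console.log(scanHtml(SAMPLE_PAGE, 'https://intranet.example/'));
```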

Cybercriminals are only becoming more innovative in their tactics and businesses cannot afford to be caught off guard by emerging threats that may lurk in their own internal environment. ‘Cryptojacking’ is beneficial to cybercriminals as it is both lucrative and covert and the effects are only recognised retrospectively. Intelligent monitoring and blocking of websites (without interfering with the user experience) coupled with education will ensure that companies remain vigilant against this type of emerging threat.
