In the world of crypto, mining is the process that results in the release of new tokens into circulation. This process works by rewarding the first miner who solves a complex computational problem with a specified amount of crypto assets.
In other words, miners earn rewards for validating transactions and contributing to the security of a blockchain network.
Notably, it takes a huge amount of processing power and energy to mine crypto tokens. Also, the system is designed to make mining difficult with rewards reduced over time. This makes legitimate crypto mining a capital-intensive venture.
To evade costs, cybercriminals often steal computing and energy resources from the computer devices of unsuspecting users. They use a vast range of hacking mechanisms to gain access to another user’s computer devices to carry out mining activities illicitly while the mined tokens are sent to their wallets. This process is what is dubbed cryptojacking
Here, we discuss the various cryptojacking methods, and how to detect them and guard yourself from falling victim.
What is Cryptojacking?
Cryptojacking is a portmanteau of cryptocurrency and hijacking. It is defined as the unauthorized use of someone’s device or computing resources to mine crypto assets. Said differently, it entails the use of another person’s computer or mobile device to mine crypto without their knowledge or approval.
This popular cybercrime typically works quietly in the background as unsuspecting victims use their systems normally. The only signs they might notice are slower performance, lags in execution, overheating, excessive power consumption, or abnormally high cloud computing bills.
Common Cryptojacking Methods
While there are numerous crypto jacking methods, the type deployed by any hacker is dependent on the cryptojackers’ creativity and knowledge. Below is a list of the most common cryptojacking methods.
- EndPoint Attacks: This is the most common method of cryptojacking. Here, attackers steal resources by sending endpoint users a legitimate-looking email, encouraging them to click on certain links programmed to place a crypto mining script on their computers. This mining script is programmed to run in the background of a computer and send back mined tokens to the hacker via a command and control (C2) infrastructure.
- Script Injection: In this method, a script is injected into a website or an online advert. Once a victim visits the website containing the fraudulent mining script or clicks on the ads, the mining script is automatically executed.
- Scanning for Vulnerabilities in Servers: Cryptojackers often scan for servers exposed to the public internet that contain vulnerabilities such as Log4J, exploiting the flaw and quietly loading crypto mining software on any device connected to the server. Oftentimes, attackers use the initially compromised system to move their cryptojacking laterally into other network devices.
- Software Supply Chain Attacks: Software supply chains are also exploited by cyber attackers to mine tokens. Here, malicious packages and libraries containing crypto mining scripts are embedded in software supply chain codes. Attackers leverage these malicious packages to poison the software that developers build, with components that execute crypto-mining scripts on the devices of an end user of the corrupted software.
How To Detect Cryptojacking
- Train your help desk to look for signs of crypto mining: The first indication on user endpoints is a spike in help desk complaints about slow computer performance. That should raise a red flag to investigate further. Other signs include device overheating or poor battery performance in mobile devices.
- Deploy a network monitoring solution: Network monitoring tools are useful in detecting web and outbound command and control (C2) traffic which in turn signals cryptojacking activity.
- Use cloud monitoring and container runtime security: Evolving solutions like cloud monitoring and container runtime security scanning can offer additional visibility into cloud environments that may be impacted by unauthorized crypto miners. Cloud providers have introduced this kind of visibility into their services, sometimes as add-ons. For instance, Google Cloud expanded its Security Command Center in 2022 to include what it calls its Virtual Machine Threat Detection (VMTD) to pick up on signs of crypto mining in the cloud, among other cloud threats.
- Engage in regular threat hunts: So many cryptojacking attacks are stealthy and leave few tracks, Organizations may need to take more active measures like threat hunting to regularly seek out subtle signs of compromise and follow through with investigations.
You Might Also Like: 10 Best Hardware Crypto Wallets You Should Know
How To Prevent Cryptojacking
Preventing cryptojacking takes an orchestrated and well-rounded defense strategy. The following steps can help prevent cryptojacking from running rampant on enterprise resources.
- Employ Strong Endpoint Protection: The foundation of this approach is using endpoint protection and anti-malware that is capable of detecting crypto miners, as well as keeping web filters up-to-date and managing browser extensions to minimize the risk of browser-based scripts from executing. Organizations should look for endpoint protection platforms that can extend out to servers and beyond.
- Patch and Harden Servers. Cryptojackers tend to look for the lowest-hanging fruit that they can quietly harvest, including scanning for publicly exposed servers containing older vulnerabilities. Basic server hardening, which includes patching, turning off unused services, and limiting external footprints can go a long way in minimizing the risk of server-based attacks.
- Use Software Composition Analysis: Software composition analysis (SCA) tools provide better visibility into what components are used within software to prevent supply chain attacks that leverage crypto mining scripts.
- Fix Cloud Misconfigurations: One of the most impactful ways organizations can stop cryptojacking in the cloud is by tightening cloud and container configurations. This means finding cloud services exposed to the public internet without proper authentication, rooting out exposed API servers, and eliminating credentials and other malicious components stored in developer environments and hardcoded into applications.
Conclusion: Responding To Cryptojacking Attacks
Over the years, cryptojacking cases have heightened alongside the increased ease of access to crypto mining software. Because cybercriminals are always looking out to hijack vulnerable devices, servers, cloud infrastructure, etc. to illegally mine for cryptocurrencies, one must always be on alert.
However, upon the detection of illicit crypto mining activity on your device, standard cyber incident response steps such as containment, eradication, and recovery should be employed. Notably, cryptojaking activities can be halted by killing web-delivered scripts, shutting down compromised container instances, reducing permissions and regenerating API keys.