With little regulation and a combined value of $613 billion at the end of 2017, it’s no surprise that cryptocurrencies are a prime target for cybercriminals. What is surprising is that ordinary businesses with absolutely no crypto interests or holdings could be targeted by hackers.
And yet, that’s the position in which countless businesses unknowingly find themselves: in the crosshairs of a new cybercriminal enterprise known as “cryptojacking” that some experts say is today’s foremost threat to the security and performance of electronic devices.
According to blockonomi.com, there were 2.4 million instances of cryptojacking in the first half of 2018 alone. The volume represents a staggering 459% increase since 2017. And unless the value of cryptocurrencies such as Bitcoin and Ethereum continue to crater, cryptojacking is likely to become an even greater issue in the years to come.
To understand how cryptojacking works, it helps to have at least a basic understanding of “cryptomining,” the computing activity by which cryptocurrencies are obtained. In essence, some cryptocurrencies can be legally earned by facilitating transactions. Without getting into the weeds, this is a complex process that requires a significant amount of computing power.
Many hackers lack the resources needed for cryptomining so instead they do what in their minds is the next best thing: exploit the processing power of businesses. The more computing power they can access, the more efficiently they can mine for cryptocurrencies, and the more quickly they can line their pockets. According to CSO, hackers install cryptojacking scripts on unauthorized computers in two primary ways:
- Phishing tactics, such as baiting employees into clicking on malicious email links.
While cryptojacking scripts will not immediately damage your computers or compromise your data like many other types of malware, they can steal your network’s resources and cause a number of performance issues. Over time, they can even cause irreparable damage to hardware by causing the temperature of devices and their batteries to reach extreme levels.
For these reasons and more, it’s important to be aware of the cryptojacking threat and some of the easy ways to fend off would-be miners.
Here are 5 simple ways to detect and thwart hackers from cryptomining on your devices:
Go Phish: The vast majority of the world’s malware is delivered via email. Not coincidentally, malicious email links are also one of the primary methods through which hackers inject cryptomining script into their victims’ devices. Make sure your employees never click on links or open attachments from senders they don’t recognize, and if they do, make sure they notify your IT staff immediately.
Monitor Resources: Make it a daily point to evaluate the resources being consumed by your network. If you notice a sudden, inexplicable drop in memory, it may be a sign that malware has been installed and that your resources are being siphoned off by an unauthorized party. Similarly, if there’s an abrupt surge in hardware or performance problems (i.e. overheating, slow speed, random shutdowns), that’s also a red flag that your system has been penetrated.
No Coin Extension: To block coin miners from accessing your computer, Google Chrome offers free extensions such as No Coin and minerBlock. When you visit a website, these extensions will detect, block and inform you of suspicious cryptomining activities.
Restrict Access: As eluded to earlier, another go-to cryptojacking technique is injecting malware into a website or pop-up ad. To combat this type of attack, limit your employees’ internet access to trusted websites and install plugins to block ads and non-authorized URLs.
Important Updates: Malware is often spread on old browsers and applications, so always make sure your employees are using the most current software available. Additionally, uninstall software that isn’t being used to minimize your exposure.
While these defense tactics will certainly lower your risk factor, they’re just a start. Teaming up with the cybersecurity experts at BrevAll Technologies is the only surefire way to make sure your business is protected from cryptojacking and all other external threats.