Saturday, 25 June 2022

Cryptojacking

Cryptojacking is a threat that implants itself within a mobile device or computer and then employs measures to mine cryptocurrency. Cryptocurrency is virtual or digital money, which adopts the form of coins or tokens. The most prominent example is Bitcoin; however, there are around 3,000 other types of cryptocurrency. While certain cryptocurrencies have moved into the physical world via credit cards and the like, the majority remain virtual. Cryptocurrencies operate using a distributed database called a blockchain. The blockchain is updated regularly with information about the transactions that have occurred since the previous update. Every set of recent transactions is merged into a “block” as determined through a complex mathematical process.

Malicious mining is less destructive than other cyber threats such as ransomware, but this doesn’t mean that it is something to dismiss. Cryptojacking attacks might result in both indirect and direct losses for an organization. In the end, the targets are the ones who must pay for the computing power. Besides a noticeable increase in electrical consumption, mining contributes to the aging of hardware by overworking processing cores, including cores belonging to discrete graphics cards, to enable malicious extraction of cryptocurrency. These costs are compounded because cryptojacking attacks tend to go undetected for several months, and it is often difficult to determine their true cost.

Research suggests that after maliciously mining cryptocurrency for two consecutive days using mobile mining malware, the batteries of the infected devices may begin to expand to the point where the affected phones are physically deformed.

The resources wasted on mining also decrease the efficiency and speed of genuine computing workloads. Many organizations have experienced situations where computers stop because a program consumes all the available resources. Although there are several legitimate reasons for this, including resource-intensive background tasks or automatic updates, malicious mining should not be one of them.

When cryptojacking malware overwhelms a system, it can result in severe performance issues, which will have an immediate impact on your customers and end-users. If, for instance, a healthcare provider is a victim, staff could be unable to access critical patient health data. Attacks have also targeted essential infrastructure, such as a European water company. Cryptojacking could at first appear to be a simple hack, but the cybercriminal who carries out such attacks may be more dangerous than an opportunistic parasite. As with ransomware, cryptojacking could be used as a decoy to distract attention from more serious threats. Attacks could also be combined with fake antivirus software to assail victims with ads stating that they must pay to have their devices cleaned. This is a troubling blend of ransomware and malicious mining. Attacks could appear to be financially motivated, but the true aim of using cryptojacking malware could be to overload infected systems and cause physical damage.

How Cryptojacking Attacks Work

Hackers have two key strategies to get a target computer to secretly mine cryptocurrencies, and may use a combination of both strategies:

Download: one way is to persuade victims to load cryptomining code onto their devices. This is achieved through social-engineering methods like phishing, where the victims get an email that looks legitimate and encourages them to activate a link. The link runs malicious code, which adds the cryptomining script to the device. The script then runs in the background while the targeted individual works.

Injection: the other strategy is to inject a script into an ad or website, which is distributed to multiple websites. Once the victim views the website or the infected ad appears in their browser, the script is executed automatically. The victim’s computer does not store any code. In both strategies, the code works through complex mathematical problems on the target computer and passes the results to a server controlled by the hacker.

Hybrid: attackers may combine the two strategies to maximize their gains. For instance, out of hundreds of devices mining cryptocurrencies for an attacker, 10% could be generating income from code on the target machines, while 90% do so via their web browsers.

How Crypto Miners Spread

Certain cryptomining scripts have worming abilities that let them infect other servers and devices on a target network. This also makes them difficult to isolate and remove—maintaining persistence on a network is in the best financial interest of the cryptojacker.

To maximize their capacity to spread across a network, cryptomining code could include multiple versions that leverage weaknesses in different network protocols. In some cases, the cryptomining code downloads multiple versions and tries to execute them, until one is successful.

How to Detect Cryptojacking

Cryptojacking attempts are often masked as standard, normal behavior. This makes the malicious activity difficult to detect – but not impossible. Here are several methods you can use to detect cryptojacking:

Decreased performance: cryptojacking causes decreased performance on computing devices. You should watch out for slower system performance, as well as devices that run slowly, crash, or exhibit unusually poor performance. Another indicator is a battery that drains more quickly than it usually would.

Overheating: cryptojacking is a resource-intensive process that may cause a computing device to overheat. Overheating may cause damage to your computers or shorten the lifespan of the device. A fan that runs faster than usual may indicate that a cryptojacking website or script is overheating the device. The fan, in this scenario, is running excessively in order to prevent fire or melting.

Central processing unit (CPU) usage: if you browse a site with little or no media content, an increase in CPU usage may indicate that there are cryptojacking scripts running. You can run a cryptojacking test by checking the CPU usage of the device, using either the Task Manager or Activity Monitor. However, this might not yield complete results, because processes can hide or mask themselves as something that looks legitimate. Additionally, a computer running at maximum capacity runs very slowly – this can make troubleshooting more difficult.
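The CPU check above can be made less dependent on a single glance at Task Manager by looking for load that stays high over time. The following is an added example, not part of the original post: it flags processes by PID when their CPU use stays above a threshold for several minutes, so a short burst from an update is not reported. The sample readings, process names, thresholds and function names are all constructed assumptions.

```python
from collections import defaultdict


def build_constructed_samples():
    """Constructed readings: (seconds, pid, process_name, cpu_percent), one per minute."""
    samples = []
    for t in range(0, 601, 60):
        # Steady heavy load under an innocuous-looking name (names can be faked).
        samples.append((t, 4120, "system-helper", 95.0))
        # Short legitimate burst, e.g. an automatic update.
        samples.append((t, 2210, "updater", 90.0 if 120 <= t <= 240 else 5.0))
        samples.append((t, 880, "browser", 20.0))
    return samples


def sustained_cpu(samples, threshold=80.0, min_duration=300, max_gap=90):
    """Return {pid: (name, longest_run_seconds)} for sustained high-CPU processes.

    A run is a sequence of consecutive readings at or above `threshold` with no
    more than `max_gap` seconds between them. Results are keyed by PID because
    the process name alone is not trustworthy.
    """
    by_pid = defaultdict(list)
    for t, pid, name, cpu in samples:
        by_pid[pid].append((t, name, cpu))

    flagged = {}
    for pid, rows in by_pid.items():
        rows.sort()
        run_start = prev_t = None
        longest = 0
        for t, name, cpu in rows:
            if cpu >= threshold:
                # Start a new run after a quiet reading or a gap in the data.
                if run_start is None or t - prev_t > max_gap:
                    run_start = t
                longest = max(longest, t - run_start)
            else:
                run_start = None
            prev_t = t
        if longest >= min_duration:
            flagged[pid] = (rows[-1][1], longest)
    return flagged


if __name__ == "__main__":
    print(sustained_cpu(build_constructed_samples()))
```

A flagged PID is a starting point for investigation, since legitimate long-running jobs will also match.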


Cryptojacking Prevention

Although it is hard to discover if your computer system has been compromised by cryptojacking, there are some measures you can take to prevent these attacks and protect your computers and networking systems, as well as your crypto-assets:

Instruct your IT team: IT staff should be trained to detect and understand cryptojacking. They must be aware of any initial signs of an attack and be prepared to respond immediately with a further investigation.

Educate your employees: IT teams rely on employees informing them when computers are overheating or running slowly. Employees must have an understanding of cyber security and know to avoid clicking on links in emails that may contain cryptojacking code and to download only from known links.

Use anti-cryptomining extensions: cryptojacking scripts are generally deployed in web browsers. Use browser extensions, including No Coin, minerBlock, and Anti Miner, to block crypto miners across the web.

Use ad-blockers: cryptojacking scripts are often embedded in web ads. Use an ad-blocker to detect and block malicious cryptomining code.

Disable JavaScript: when surfing online, disable JavaScript to prevent cryptojacking code from infecting your organization’s computers. Remember that disabling JavaScript will also block some of the functions you require when browsing.
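Because injected mining code arrives as a script loaded into a page, a site owner can also audit their own pages for script sources that match a blocklist. The following is an added example, not part of the original post: it parses a page, resolves each script URL, and reports those whose host is on the list or is a subdomain of a listed host. The blocklist entries, page URL and HTML are constructed placeholders using reserved `.example` names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hypothetical blocklist entries (reserved .example names, not real hosts).
BLOCKLIST = {"miner.example", "coinpool.example"}

# Constructed sample page for the demonstration.
PAGE_URL = "https://shop.example/index.html"
PAGE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.miner.example/lib.js"></script>
<script src="//COINPOOL.example/w.js" async></script>
<script src="https://notminer.example/x.js"></script>
</head><body><p>Catalogue</p></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def host_is_blocked(host, blocklist=BLOCKLIST):
    """Match the exact host or any subdomain; 'notminer.example' must not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


def blocked_scripts(html, page_url, blocklist=BLOCKLIST):
    """Return the script src values on the page whose host is blocklisted."""
    parser = ScriptCollector()
    parser.feed(html)
    hits = []
    for src in parser.sources:
        # urljoin resolves relative and scheme-relative (//host/path) URLs.
        host = urlsplit(urljoin(page_url, src)).hostname or ""
        if host_is_blocked(host, blocklist):
            hits.append(src)
    return hits


if __name__ == "__main__":
    print(blocked_scripts(PAGE_HTML, PAGE_URL))
```

A blocklist only catches known hosts, so this check complements the CPU-based detection rather than replacing it.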



