What is cryptojacking? Risks of cryptojacking attacks, Threat, Impacts
What is a Cryptocurrency?
A cryptocurrency, crypto-currency, or crypto is a digital currency designed to work as a medium of exchange through a computer network that is not reliant on any central authority, such as a government or bank, to uphold or maintain it. It is a decentralized system for verifying that the parties to a transaction have the money they claim to have, eliminating the need for traditional intermediaries, such as banks, when funds are being transferred between two entities.
Individual coin ownership records are stored in a digital ledger, which is a computerized database using strong cryptography to secure transaction records, control the creation of additional coins, and verify the transfer of coin ownership. Despite their name, cryptocurrencies are not considered to be currencies in the traditional sense, and while varying treatments have been applied to them, including classification as commodities, securities, and currencies, cryptocurrencies are generally viewed as a distinct asset class in practice. Some crypto schemes use validators to maintain the cryptocurrency. In a proof-of-stake model, owners put up their tokens as collateral. In return, they get authority over the token in proportion to the amount they stake. Generally, these token stakers get additional ownership in the token over time via network fees, newly minted tokens, or other such reward mechanisms.
Cryptocurrency does not exist in physical form (like paper money) and is typically not issued by a central authority. Cryptocurrencies typically use decentralized control as opposed to a central bank digital currency (CBDC). When a cryptocurrency is minted, or created prior to issuance, or issued by a single issuer, it is generally considered centralized. When implemented with decentralized control, each cryptocurrency works through distributed ledger technology, typically a blockchain, that serves as a public financial transaction database. Traditional asset classes like currencies, commodities, and stocks, as well as macroeconomic factors, have modest exposures to cryptocurrency returns.
The first decentralized cryptocurrency was Bitcoin, which was first released as open-source software in 2009. As of March 2022, there were more than 9,000 other cryptocurrencies in the marketplace, of which more than 70 had a market capitalization exceeding $1 billion.
What is cryptojacking?
Cryptojacking is the act of hijacking a computer to mine cryptocurrencies against the user's will, through websites, or while the user is unaware. One notable piece of software used for cryptojacking was Coinhive, which was used in over two-thirds of cryptojacks before its March 2019 shutdown. The cryptocurrencies mined most often are privacy coins--coins with hidden transaction histories--such as Monero and Zcash.
Like most malicious attacks on the computing public, the motive is profit, but unlike other threats, it is designed to remain completely hidden from the user. Cryptojacking malware can lead to slowdowns and crashes due to straining of computational resources. In June 2011, Symantec warned about the possibility that botnets could mine covertly for bitcoins. Malware used the parallel processing capabilities of GPUs built into many modern video cards. Although the average PC with an integrated graphics processor is virtually useless for bitcoin mining, tens of thousands of PCs laden with mining malware could produce some results. In mid-August 2011, bitcoin mining botnets were detected, and less than three months later, bitcoin mining trojans had infected Mac OS X. In April 2013, electronic sports organization E-Sports Entertainment was accused of hijacking 14,000 computers to mine bitcoins; the company later settled the case with the State of New Jersey.
German police arrested two people in December 2013 who customized existing botnet software to perform bitcoin mining, which police said had been used to mine at least $950,000 worth of bitcoins. For four days in December 2013 and January 2014, Yahoo! Europe hosted an ad containing bitcoin mining malware that infected an estimated two million computers. The software, called Sefnit, was first detected in mid-2013 and has been bundled with many software packages. Microsoft has been removing the malware through its Microsoft Security Essentials and other security software. Several reports of employees or students using university or research computers to mine bitcoins have been published.
On February 20, 2014, a member of the Harvard community was stripped of his or her access to the University's research computing facilities after setting up a Dogecoin mining operation using a Harvard research network, according to an internal email circulated by Faculty of Arts and Sciences Research Computing officials. Ars Technica reported in January 2018 that YouTube advertisements contained JavaScript code that mined the cryptocurrency Monero. In 2021, multiple zero-day vulnerabilities were found on Microsoft Exchange servers, allowing remote code execution. These vulnerabilities were exploited to mine cryptocurrency.
Cryptocurrencies use a distributed database, known as 'blockchain' to operate. The blockchain is regularly updated with information about all the transactions that took place since the last update. Each set of recent transactions is combined into a 'block' using a complex mathematical process.
To produce new blocks, cryptocurrencies rely on individuals to provide the computing power. Cryptocurrencies reward people who supply the computing power with cryptocurrency. Those who trade computing resources for currency are called "miners".
The larger cryptocurrencies use teams of miners running dedicated computer rigs to complete the necessary mathematical calculations. This activity requires a significant amount of electricity – for example, the Bitcoin network currently uses more than 73 TWh of energy per year.
Mining for cryptocurrency is not a crime, but it is a high-cost, nonstop operation that requires substantial electricity and expensive mining network nodes. Many cryptocurrencies have market caps that limit the supply of coins that can be mined. These cryptocurrencies are designed to be harder to mine as they approach their market cap, in order to extend the mining process as long as possible, while simultaneously driving up the price of the currency.
Growing mining competition and high electricity costs mean the cost of mining can outweigh the profits. For instance, the entire ecosystem of Bitcoin mining -- the most well-known cryptocurrency -- uses nearly 100 terawatt hours a year, which is more than many countries use in a year, according to Cambridge University's Bitcoin Electricity Consumption Index.
Mining just one bitcoin costs, on average, $35,000, according to Visual Capitalist calculations. One bitcoin requires nearly 1,400 kilowatt hours, equivalent to the average amount of energy consumed by an American family in 50 days, according to Digiconomist. Cryptocurrency prices are quite volatile. As a result, the cost of mining a single bitcoin can be higher than the price of that one bitcoin.
Cryptojackers target victims' computing resources to offload the mining expenses to as many entities as possible. Though cryptojacking is designed to be undetectable, over time, its high processing demands can damage victims' devices and cause poor device performance, high electricity bills and shorter device life spans.
How does it work?
Cybercriminals hack into devices to install cryptojacking software. The software works in the background, mining for cryptocurrencies or stealing from cryptocurrency wallets. The unsuspecting victims use their devices typically, though they may notice slower performance or lags.
Hackers have two primary ways to get a victim's device to secretly mine cryptocurrencies:
Hackers often use both methods to maximize their return. In both cases, the code places the cryptojacking script onto the device, which runs in the background as the victim works. Whichever method is used, the script runs complex mathematical problems on the victims' devices and sends the results to a server which the hacker controls.
Unlike other types of malware, cryptojacking scripts do not damage computers or victims' data. However, they do steal computer processing resources. For individual users, slower computer performance might simply be an annoyance. But cryptojacking is an issue for business because organizations with many cryptojacked systems incur real costs. For example:
Some cryptomining scripts have worming capabilities that allow them to infect other devices and servers on a network. This makes them harder to identify and remove. These scripts may also check to see if the device is already infected by competing cryptomining malware. If another cryptominer is detected, the script disables it.
In early instances of cryptomining, some web publishers sought to monetize their traffic by asking visitors' permission to mine for cryptocurrencies while on their site. They positioned it as a fair exchange: visitors would receive free content while the sites would use their computer for mining. For example, on gaming sites, users might stay on the page for some time while the JavaScript code mines for coin. Then when they leave the site, the cryptomining would end. This approach can work if sites are transparent about what they are doing. The difficulty for users is knowing whether sites are being honest or not.
Malicious versions of cryptomining – i.e. cryptojacking – don't ask for permission and keep running long after you leave the initial site. This is a technique used by owners of dubious sites or hackers who have compromised legitimate sites. Users have no idea that a site they visited has been using their computer to mine cryptocurrency. The code uses just enough system resources to remain unnoticed. Although the user thinks the visible browser windows are closed, a hidden one stays open. Often it can be a pop-under, which is sized to fit beneath the taskbar or behind the clock.
Cryptojacking can even infect Android mobile devices, using the same methods that target desktops. Some attacks occur through a Trojan hidden in a downloaded app. Or users' phones can be redirected to an infected site, which leaves a persistent pop-under. While individual phones have relatively limited processing power, when attacks occur in large numbers, they provide enough collective strength to justify the cryptojackers' efforts.
Examples of Cryptojacking attacks
High profile examples of cryptojacking include:
How to detect cryptojacking
Cryptojacking detection can be difficult because the process is often hidden or made to look like a benevolent activity on your device. However, here are three signs to watch out for:
Cryptojacking detection
Decreased performance
One of the key symptoms of cryptojacking is decreased performance on your computing devices. Slower systems can be the first sign to watch out for, so be alert to your device running slowly, crashing, or exhibiting unusually poor performance. Your battery draining more quickly than usual is another potential indicator.
Overheating
Cryptojacking is a resource-intensive process that can cause computing devices to overheat. This can lead to computer damage or shorten their lifespan. If your laptop or computer's fan is running faster than usual, this could indicate that a cryptojacking script or website is causing the device to heat up, and your fan is running to prevent melting or fire.
Central Processing Unit (CPU) usage
If you see an increase in CPU usage when you are on a website with little or no media content, it could be a sign that cryptojacking scripts might be running. A good cryptojacking test is to check the central processing unit (CPU) usage of your device using the Activity Monitor or Task Manager. However, bear in mind that processes might be hiding themselves or masking as something legitimate to hinder you from stopping the abuse. Also, when your computer is running at maximum capacity, it will run very slowly, and therefore can be harder to troubleshoot.
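The CPU check described above can be automated by looking at how long a process holds a high load rather than at its name, since the name may be masked. The following is an added example, not part of the original article; the process names, sample values, sampling interval and thresholds are all constructed assumptions.

```python
from statistics import mean, pstdev

INTERVAL_S = 30  # assumed time between CPU samples, in seconds

# Constructed per-process CPU% series: pid -> (reported name, samples).
# In practice these would come from periodic Task Manager / Activity Monitor
# readings or a monitoring agent. The reported name is kept only for the
# report; it is never used for the decision because it can be spoofed.
SERIES = {
    4120: ("svchost-helper", [61, 60, 62, 61, 60, 61, 62, 60]),  # steady load
    2210: ("browser",        [12, 85, 90, 15, 8, 10, 70, 9]),    # bursty
    3301: ("compiler",       [0, 0, 98, 99, 97, 2, 0, 0]),       # short job
    1500: ("idle-agent",     [1, 2, 1, 1, 2, 1, 1, 2]),          # background
}


def longest_run(values, threshold):
    """Return the longest stretch of consecutive samples >= threshold."""
    best = current = best_end = 0
    for index, value in enumerate(values):
        current = current + 1 if value >= threshold else 0
        if current > best:
            best, best_end = current, index + 1
    return values[best_end - best:best_end]


def find_sustained_load(series, threshold=50.0, min_duration_s=180,
                        interval_s=INTERVAL_S):
    """Flag processes that stay above `threshold` for `min_duration_s`.

    Short bursts (page loads, builds) are ignored; a long, flat plateau is
    what continuous mining looks like in CPU samples.
    """
    findings = []
    for pid, (name, values) in series.items():
        run = longest_run(values, threshold)
        duration = len(run) * interval_s
        if duration >= min_duration_s:
            findings.append({
                "pid": pid,
                "name": name,
                "duration_s": duration,
                "mean_cpu": round(mean(run), 1),
                # Low spread means a flat plateau rather than normal bursts.
                "spread": round(pstdev(run), 1),
            })
    return sorted(findings, key=lambda f: -f["duration_s"])


if __name__ == "__main__":
    for finding in find_sustained_load(SERIES):
        print(finding)
```

A flagged process is a candidate for investigation, not proof of mining; legitimate long-running jobs such as video encoding produce the same plateau.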
What are the different types of cryptojacking?
As previously mentioned, there are two main types of cryptojacking. One is based on infecting the web browser, and the other uses host-based methods.
Browser cryptojacking
The browser-based approach works by creating content that automatically runs cryptomining software in a user's web browser when they visit the webpage hosting it. This method is also known as drive-by cryptomining. Cryptojackers may create a website with embedded cryptomining JavaScript code and direct traffic to it for the purpose of cryptojacking, or they may compromise an existing site.
Existing websites can be compromised through programmatic advertising, which contains malware that automatically places ads on sites. This is done without website owners' knowledge, and they have little control over whether their site runs the software.
Compromised ads can also be placed on a site as pop-unders designed to hide under windows already open on a victim's computer or phone and avoid detection. This type of malware uses domain generation algorithms to bypass ad blockers and serve ads to all site visitors.
Cryptojackers can also embed JavaScript in websites without using ads. Some websites even disclose that their pages use visitors' devices to run cryptomining software while being visited. This technique has been proposed for other uses, such as providing revenue for sites and services and crowdfunding for disaster relief efforts. In these instances, cryptomining code is not stored on the victim's devices, but runs only when a victim visits an infected website or does not detect the compromised pop-under ad.
Host cryptojacking
This method works like standard phishing and malware attacks. Cryptojackers lure victims into clicking on harmless-looking links that install cryptomining software onto a victim's device. Host-based cryptojacking can affect all types of devices. For instance, Google Android phones are susceptible to Trojan horse cryptojack attacks through apps on Google Play Store.
Cryptojacking malware can also infect open source code and public application programming interfaces, thereby infecting devices that download the code or API and any software developed using them. Unprotected cloud storage is also vulnerable to cryptojacks.
Once inside a victim's endpoint, cryptojacking software can move across all devices on the network, including servers, cloud infrastructures and software supply chains. A lot of cryptojacking scripts also have worming capabilities that detect other cryptojacking malware already operating on a victim's device, disable it and replace it.
4 possible methods to detect cryptojacking
Cryptojacking is designed to be as undetectable as possible. However, these four main symptoms are worth watching for:
Risks/Dangers of cryptojacking attacks
When Microsoft blocked more than 400,000 cryptojacking attempts in one day, businesses feared that an outbreak was underway. It was only the tip of the iceberg. More than 55 percent of businesses worldwide have faced crypto mining attacks. With cybercriminal groups launching more and more attacks to infiltrate networks and quietly mine for coins, the large-scale cryptojacking threat has emerged as the new norm.
The practice of mining cryptocurrency on other people’s hardware is overtaking ransomware as a tool of choice for extorting money online. Gangs are working overtime to get you to click on a malicious link in an email that loads crypto mining code on the computer; sometimes, they just use online ads with JavaScript code that auto-executes once loaded in the browser. No code is stored on the victims’ computers.
Cryptojacking takes place everywhere – on websites, servers, PCs, and mobiles. Take, for instance, Coinhive, one of the most prevalent pieces of rogue software. Coinhive uses the processing power on someone’s device to mine cryptocurrency. Pranksters make money by injecting code that performs computationally demanding cryptographic operations that underpin the transaction records of currencies, a process known as mining. If pranksters are able to steal someone’s computing power by embedding code in websites or software, they can make a lot of money. While Coinhive is said to be a legitimate operation, the number of illegitimate users far outnumbers the legitimate ones. A reason why Coinhive has emerged as a villain is that it does explicit mining: Coinhive introduced AuthedMine as the next step in cryptojacking. The new software executes the following script on websites as an opt-in alternative for visitors running adblock extensions. Instead of disabling adblock features on web browsers, the AuthedMine code provides an opt-in for users to run the code in the background.
Examples of cryptojacking attacks
Cryptojacking attacks are at an all-time high, according to ENISA's 2021 "Threat Landscape" report. Some of the most notable victims of attacks in recent years are the following:
Many of these attacks were browser-based ones focused on mining Monero, the most popular coin among cryptojackers. However, ENISA reported that cryptojackers are moving away from browser-based attacks, preferring host-based ones, which, in 2021, accounted for 87% of all cryptojacking attacks. This is partly because the Coinhive website shut down. It provided the browser-based cryptojacking JavaScripts to mine Monero.
Since Coinhive went away, attacks have become more sophisticated and surreptitious to include the infection of APIs, open source code, cloud infrastructures and containers, according to ENISA. Cryptojackers now distribute their attacks to as many people as possible, letting the attackers use less power per device and decrease their detectability.
Some recent attacks use JavaScript package repositories, such as Node Package Manager, and VMware Horizon software. The latter attack comes through a breach in Log4Shell, an open source logging library used by many cloud services and software developers. More Log4Shell attacks are expected with this vulnerability, which the U.S. government predicted will be around for the next decade.
Masquerading to serve cryptominers
Imagine the consequences when medical devices are leveraged in cryptomining campaigns: healthcare networks are crippled and lives are endangered. Instances have shown that cryptominers are masters in digital masquerading. From using open source platforms as a host for cryptomining malware to riding on software vulnerabilities, cryptominers are giving a completely new makeover to software phishing attacks.
Cryptojacking threats and attacks will continue to grow in the coming years, and no application or host is entirely immune to them. Every application on every system is a likely target. The potential victim includes any individual in any organization. Like ransomware, cryptojacking can affect your organization despite your best efforts to stop it. Detecting it can be difficult, as even endpoint protection tools stop cryptojacking.
For any business, privacy and security are a constant concern. The variety and velocity of attacks seeking to infiltrate corporate systems and steal vital business and customer information seem never-ending. Given the very public repercussions of certain types of breaches, it can be easy for executives and IT professionals to focus attention on only the most notable attacks. However, numerous industry studies have found that a quiet threat, known as cryptojacking, is rising faster than any other type of cyber incident.
Cryptojacking is a breach where malware is installed on a device connected to the internet (anything from a phone, to a gaming console, to an organization’s servers). Once installed, the malware uses the hijacked computing power to “mine” cryptocurrency without the user’s knowledge.
Unlike phishing or ransomware attacks, cryptojacking runs nearly silently in the background of the victim’s device, and as a result the increase in cryptojacking attacks has flown mainly under the radar. Yet, new studies suggest that attacks of this type have more than tripled since 2017, generating concern as these undetected breaches siphon energy, slow down performance of systems and expose victims to additional risk.
The rise of cryptojacking has followed the same upward trajectory as the value of cryptocurrency. Suddenly, digital “cash” is worth actual money and hackers, who usually have to take several steps to generate income from stolen data, have a direct path to cashing in on their exploits. But if all the malware does is sit quietly in the background generating cryptocurrency, is it really much of a danger? In short, yes – for two reasons.
In fundamental terms, cryptojacking attacks are about stealing… in this case energy and system resources. The energy might be minimal (more about that in a moment) but using resources slows the performance of the overall system and actually increases wear and tear on the hardware, reducing its lifespan, resulting in frustration, inefficiency and increased costs.
Much more importantly however, a cryptojacking-compromised system is a flashing warning sign that a vulnerability exists. Often, infiltrating a system to cryptojack involves opening access points that can be easily leveraged to steal other types of data. Cryptojacking not only appropriates valuable computer and energy resources, but also exposes victims to much more blatant and damaging data attacks.
Who is at risk?
Any connected device can be utilized to mine cryptocurrency. However, the goal of most cryptojacking operations is to hijack enough devices so that their processing power can be pooled, creating a much more effective network with which to generate income. This strategy relies on utilizing small amounts of power from several different machines, which also lessens the chances that the victim will realize they’ve been hacked because the power stolen is minuscule enough to be ignored.
Once hacked, the attacker will network these devices together to create large cryptojacking networks. These attacks are thus often focused on large corporations or businesses where access to multiple devices is easy and convenient.
Identifying the victims
Identifying and flagging cryptojacked devices can be difficult, requiring dedicated time and energy. In many cases, the malware might reside in compromised versions of legitimate software. As a result, security scans are less likely to flag the downloaded application as a threat.
The first clue that something may be amiss at the organization is the sudden slowing of devices or a rise in cross-company complaints about computer performance. If widespread, administrators should look to potential cryptojacking as the possible culprit.
Cryptojacking uses a victim's computing power to perform the complex mathematical operations needed to mine cryptocurrency and send the results to the cryptojacker's server. Unlike some types of malware that damage victims' devices or data, cryptojacking is designed to exploit its victims' resources as long as possible without being detected. Cryptojackers use a small amount of a victim's processing resources, while targeting a large number of victims. The malware runs in the background, quietly redirecting victims' processing power toward illicit cryptomining tasks.
Cryptojackers use two main attack modes: web browser and host-based. Web browser attacks embed cryptomining software on a website that runs when a victim visits that particular site. Host-based attacks use malware that gets downloaded onto a victim's device.
Both attack methods involve the following steps:
How to protect against cryptojacking threats?
Use a good cybersecurity program
A comprehensive cybersecurity program such as Kaspersky Total Security will help to detect threats across the board and can provide cryptojacking malware protection. As with all other malware precautions, it is much better to install security before you become a victim. It is also good practice to install the latest software updates and patches for your operating system and all applications — especially those concerning web browsers.
Be alert to the latest cryptojacking trends
Cybercriminals are constantly modifying code and coming up with new delivery methods to embed updated scripts onto your computer system. Being proactive and staying on top of the latest cybersecurity threats can help you detect cryptojacking on your network and devices and avoid other types of cybersecurity threats.
Use browser extensions designed to block cryptojacking
Cryptojacking scripts are often deployed in web browsers. You can use specialized browser extensions to block cryptojackers across the web, such as minerBlock, No Coin, and Anti Miner. They install as extensions in some popular browsers.
Use ad blockers
Since cryptojacking scripts are often delivered through online ads, installing an ad blocker can be an effective means of stopping them. Using an ad blocker like Adblock Plus can both detect and block malicious cryptojacking code.
Disable JavaScript
When browsing online, disabling JavaScript can prevent cryptojacking code from infecting your computer. However, although that interrupts the drive-by cryptojacking, this could also block you from using functions that you need.
Block pages known to deliver cryptojacking scripts
To prevent cryptojacking while visiting websites, make sure each site you visit is on a carefully vetted whitelist. You can also blacklist sites known for cryptojacking, but this may still leave your device or network exposed to new cryptojacking pages.
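The difference between the two lists can be seen by vetting the script and frame sources of a page against both. This is an added example, not part of the original article; every hostname, the sample page and the list contents are constructed placeholders, and inline scripts (which have no source host) are outside what it checks.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed lists; these are placeholder names, not real indicators.
BLOCKLIST = {"miner.example"}   # domains known to serve mining scripts
ALLOWLIST = {"shop.example"}    # domains vetted for this site

PAGE_URL = "https://shop.example/catalog"
PAGE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="//ws01.miner.example/m.js"></script>
<script src="https://notminer.example/widget.js"></script>
<script>console.log("inline")</script>
</head><body>
<iframe src="https://ads.miner.example/frame.html"></iframe>
</body></html>
"""


class SourceHosts(HTMLParser):
    """Collect the hostnames that <script> and <iframe> tags load from."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script or empty attribute: no host to vet
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlparse(urljoin(self.base_url, src)).hostname
        if host:
            self.hosts.append(host.lower().rstrip("."))


def in_list(host, domains):
    """Match the domain itself or any subdomain, but not look-alikes."""
    return any(host == d or host.endswith("." + d) for d in domains)


def vet_page(html, page_url, blocklist=BLOCKLIST, allowlist=ALLOWLIST):
    """Return {host: 'blocked' | 'allowed' | 'unvetted'} for a page."""
    parser = SourceHosts(page_url)
    parser.feed(html)
    verdicts = {}
    for host in parser.hosts:
        if in_list(host, blocklist):      # blocklist always wins
            verdicts[host] = "blocked"
        elif in_list(host, allowlist):
            verdicts[host] = "allowed"
        else:
            # Unknown to both lists: a blocklist alone would let this load,
            # an allowlist policy would hold it for review.
            verdicts[host] = "unvetted"
    return verdicts


if __name__ == "__main__":
    for host, verdict in vet_page(PAGE_HTML, PAGE_URL).items():
        print(f"{verdict:9} {host}")
```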
Cryptojacking might seem like a relatively harmless crime since the only thing 'stolen' is the power of the victim's computer. But the use of computing power for this criminal purpose is done without the knowledge or consent of the victim, for the benefit of criminals who are illicitly creating currency. We recommend following good cybersecurity practices to minimize the risks and to install trusted cybersecurity or internet security onto all of your devices.
Legality
Like most groundbreaking inventions, cryptocurrencies bring a moral paradox: while some people consider them a revolutionary tool to make the world a better place, others already use it to fuel their illegal activities. Therefore, it was just a matter of time before this energy-hungry activity became a serious cybersecurity issue.
Today, the world is witnessing an emerging type of cybercrime that is slowly becoming more popular than ransomware attacks – cryptojacking. Should we worry about it or is this just a security fad?
YouTube and Training Stuff
Conclusion
My exposure to cryptocurrency trading & related technologies was while attending a month-long workshop & a course from a new edtech provider called MyCaptain. The course content was all about cryptocurrency trading; otherwise I did get exposed to the technology. So in all, this is a very interesting piece of tech, though I do have a plan to do mining at home & host an exchange in the future.
Disclosure & Legal Disclaimer statement: Some of the content has been taken from open Internet sources just for representation purposes.