How to Protect Against Cryptomining

Category: Blog, Security  |  Tuesday, April 24th, 2018

Does it ever feel like your computer somehow downloaded a “slow bug?” It used to be responsive and quick and now it’s crawling along and the spin of doom takes for-ev-er…

You might not be imagining it. You may have been hit with cryptomining code—cyber criminals’ latest flavor of the month.

Reuters recently reported that thousands of websites had been infected with cryptomining code, including ones run by U.S. and UK government agencies.

What is Cryptomining?

According to MIT Technology Review, “Mining is a computationally intensive process that computers comprising a cryptocurrency network complete to verify the transaction record, called the blockchain, and receive digital coins in return.” In other words, “miners” work to solve complex mathematical problems in order to generate income in the form of digital currency, such as Bitcoin, Ethereum, Monero and others. This mining process requires serious hardware and significant CPU resources to “create” cryptocurrency.

Basically, someone is hijacking your computer’s ability to solve complicated algorithms for their own criminal gain.

How Cryptomining Malware is Executed:

Malicious cryptomining generally spreads in one of two ways. The first is through malware, delivered by a malicious email attachment or link. Researchers discovered that 23% of organizations globally were affected by cryptomining malware, specifically the Coinhive variant, during January 2018.

The other approach is to infect a third-party provider used by high-traffic sites. For example, a popular advertising site might be targeted because of its access to thousands of websites reaching millions of people. This method delivers pay dirt for the attacker. When users visit the site, they unknowingly “donate” their computing processing power to the attacker while they remain on the page. These attacks don’t require, or spread, malware on the user’s endpoint, so while users are impacted, they are not infected.

How the Attacker Covertly Steals Power from your Device:

By using crowd-sourced computing power, the attacker can scale up his/her mining efforts while eliminating the need to purchase expensive equipment as they “pan for digital gold.” The more collective power and speed the attacker can amass, the bigger the cryptocurrency payout.

How to Tell If You’ve Been Hit:

In most cases, you won’t find malware on your device, since this type of attack runs without it, so the only indication may be a visible slowdown in performance.

Why It’s a Big Deal:

What’s so concerning about this type of attack is that user computing power can now be hijacked by attackers just by visiting an infected site or a site that uses an infected third party.

How to Protect Your Devices:

The only way to know if your business has been compromised is to monitor for abnormal utilization by browser processes and higher-than-normal CPU usage.
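One way to do that monitoring, as an added example that is not part of the original post: it flags browser processes whose CPU use stays above a threshold for a sustained period, ignoring short spikes and non-browser workloads. The process names, threshold, window and sample data are assumptions constructed for illustration, and samples are assumed to arrive at a regular interval from whatever endpoint monitoring you already run.

```python
from collections import defaultdict

# Assumed browser process names; adjust to what your fleet actually runs.
BROWSERS = {"chrome", "firefox", "msedge", "safari"}

# Constructed samples: (seconds since start, pid, process name, CPU % of one core)
SAMPLES = (
    # Tab that pins a core for two minutes: the in-browser mining pattern.
    [(t, 4120, "chrome", 95.0) for t in range(0, 135, 15)]
    # Normal browsing with a single short spike.
    + [(t, 4188, "chrome", 90.0 if t == 30 else 5.0) for t in range(0, 135, 15)]
    # High load interrupted by a dip, so no run reaches the window.
    + [(t, 5000, "firefox", 10.0 if t == 45 else 85.0) for t in range(0, 120, 15)]
    # Busy non-browser process: out of scope for this check.
    + [(t, 900, "backup", 99.0) for t in range(0, 135, 15)]
)


def sustained_browser_cpu(samples, threshold=80.0, min_seconds=60):
    """Return {(pid, name): longest_run_seconds} for browser processes whose
    CPU stayed at or above `threshold` for at least `min_seconds` in a row."""
    run_start = {}              # (pid, name) -> time the current high run began
    longest = defaultdict(int)  # (pid, name) -> longest high run seen so far
    for ts, pid, name, cpu in sorted(samples):
        if name.lower() not in BROWSERS:
            continue
        key = (pid, name)
        if cpu >= threshold:
            run_start.setdefault(key, ts)
            longest[key] = max(longest[key], ts - run_start[key])
        else:
            run_start.pop(key, None)  # a dip below threshold resets the run
    return {k: v for k, v in longest.items() if v >= min_seconds}


if __name__ == "__main__":
    for (pid, name), secs in sustained_browser_cpu(SAMPLES).items():
        print(f"ALERT pid={pid} {name}: CPU >= 80% for {secs}s")
```

A flagged process is a lead for investigation, not proof of mining: video calls and heavy web apps can also hold a core, so tune the threshold and window against your own baseline.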

In a perfect world, the responsibility should rest on those who own and maintain the website to routinely inspect all of their third-party providers.

Cryptomining operations are only gaining speed and are likely to grow. This is a great incentive to stay on top of vulnerabilities and the performance of your systems. If you need help with cyber security give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football. Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.