Cybercrime tactics are evolving fast, and hackers are taking advantage of the latest exploits to target individuals, regular enterprises, and major corporations. Cryptojacking incidences have, in particular, increased exponentially over the past few years, surpassing threats such as ransomware.
According to the latest Symantec security report, there has been a resurgence in cryptojacking activity since the second quarter of 2020, with detection rates climbing by over 150 percent. The escalation is believed to be driven by a myriad of factors.
The following is an elaboration of the situation and the elements driving the uptrend.
What Are Cryptojacking Attacks and How Do They Work
Cryptojacking attacks are exploits that rely on hacked machines to mine cryptocurrencies covertly. This is usually done through JavaScript code embedded on a website that forces visitors’ computers to resolve cryptographic hashes and mine crypto. Malware infections are also a common attack mode.
The JavaScript mode is less persistent as mining processes are only triggered when the victim logs onto an infected website. The miners are usually coded to mine privacy-centric cryptocurrencies such as Monero. In some instances, browser plugins with obfuscated malicious code are also used for cryptojacking purposes.
The most advanced cryptojacking ploys, however, target cloud infrastructures with immense computing power and utilize stolen system API keys to execute miner code.
Why Cybercriminals Are Shifting Towards Cryptojacking
There is a myriad of factors driving the current cryptojacking trend. The following are some of the reasons why hacker groups currently prefer making money through cryptominers.
1. Stealth Monetization
Ransomware draws a lot of attention from law enforcement agencies and entails complex coercion and blackmailing schemes to be successful, many of which can result in significant jail time. This creates a range of problems for hackers looking to stay below the radar.
Cryptojacking, on the other hand, is a more covert process of making money and is in sort of a gray area when it comes to the law. This is because it doesn’t involve information stealing, and there’s no coercion or direct threat to national security.
According to a recent security report published by Csonline, many hackers prefer it because it is in many cases more profitable than ransomware. It is also much harder to nab perpetrators, especially if they are mining cloaked digital tokens such as Monero, which hide past transaction history on the ledger.
2. The Authorities Are Cracking Down on Ransomware Hacker Groups
US authorities have over the years considered ransomware groups to be a criminal nuisance but not one requiring an urgent response. However, the recent spike in high-profile cybersecurity attacks has led to a change in tact. The US government, in collaboration with major security agencies across the world, is ramping up efforts to take down ransomware groups.
The recent Colonial Pipeline ransomware attack that occurred in May was an eye-opener on what could happen if ransomware hacker groups were left unchecked. The attack shut down the pipeline and affected fuel supply in the East Coast. The ransomware attack on JBS, America’s biggest meat supplier also highlighted the impact of such attacks.
To counter the problem, the authorities have being carrying out sting operations to take down ransomware hacker groups. In February, US authorities, in collaboration with French and Ukrainian police, targeted members of the infamous Egregor ransomware unit.
Investigators from the three countries were able to trace Bitcoin funds paid as ransom back to members of the group in Ukraine. Some of them were found to be complicit in the group’s hacking activities, while others provided financial and logistical support.
The unit had been operating a ransomware-as-a-service (RaaS) network whose affiliates were required to pay a percentage of the loot. As such, the offensive had a significant impact on the hacker underworld. The unit had successfully targeted over 150 victims before its downfall.
Sustained pressure by the authorities has also forced some hacker forums such as XSS to limit their exposure and role in headline-making hacker schemes. In May, the Russian hacker forum announced the cessation of its ransomware purchase and rental segment. Before this development, hacker groups across the world could rent or purchase ransomware on the site.
The forum has in the past been used by Ransomware-as-a-Service (RaaS) networks such as LockBit, REvil, Netwalker, DarkSide, and Nefilim. The site owners cited increased attention from the media and the authorities as one of the main reasons for the closure. Much of this was brought on by the recent high-profile attacks.
Weeks before the section shutdown, hacker groups such as DarkSide and Avaddon had issued guidelines instructing members to stay away from public infrastructure and organizations. The communique marked a change in ransomware dynamics.
The Impact of Cryptojacking Attacks
While cryptojacking attacks are less disruptive when compared to ransomware attacks, they have indirect costs to owners of infected PCs.
They cause increased wear and overheating issues on affected hardware due to overloading of processing sectors. They also degrade service delivery due to subsequent CPU performance issues that quickly translate to decreased productivity and loss of revenue. Besides this, the business affected by the issue also incur higher energy costs and suffer network bandwidth latency issues related to cryptojacking processes.
Lastly, the affected company will have to bear additional damage control costs if such an exploit is discovered by researchers and publicized.
How to Prevent Cryptojacking Attacks
The following are some of top cryptojacking prevention techniques.
1. Use a Safe Browser
The most common cryptojacking techniques target browser JavaScript code because most browsers rely on this component to enhance functionality. As such, it is best to use a browser that blocks cryptominers. Mozilla Firefox is among the few that has this functionality.
Its latest browser releases have a feature that blocks cryptocurrency mining scripts. Opera Mini, as well as Microsoft’s Edge Browser, are also able to do this. When it comes to Google, the company has taken a proactive approach by banning Chrome extensions that mine cryptocurrencies using its browser.
To be absolutely safe from JavaScript-based miners, you can disable the JavaScript code on your browser while surfing the web. This prevents browser mining scripts from working.
2. Use Hardware That Has Been Proofed Against Cryptojackers
Using hardware that is designed to thwart cryptojackers will help mitigate the menace. Some PC classes such as Intel vPro machines with Intel Hardware Shield are able to intercept these types of attacks out of the box with no additional security configurations.
They prevent cryptominers from working by utilizing Intel Threat Detection Technology which is part of Intel’s Hardware Shield. The technology detects threats through CPU behavioral heuristics and telemetry and carries out deep memory scanning to block ransomware and cryptojacking activity.
3. Use an Ad Blocker
Apart from harnessing a computer’s resources through malware, hackers also embed cryptojackers on ads. There have been instances where malicious ads have been found to be mining cryptocurrencies by targeting a wide range of devices, including those with weak computing power such as smartphones.
As such, using an ad blocker will go a long way in preventing such ploys from working.
4. Use Antivirus
One of the primary steps to take in order to safeguard your computer against cryptojacking attacks is to ensure that you use an antivirus program that can detect and remove cryptojackers.
These are usually not hard to find. Many of the major antimalware tools such as Kaspersky, ESET, Avast, AVG, and Malwarebytes will do the job.
Cryptojacking Is Not Dying, It’s Just Evolving
While major blue-chip technology companies go on the offensive against cryptojacking, the problem shifts from overt prominent modes such as browser cryptomining to harder-to-detect techniques involving machine hacking.
Due to the rising profitability of cryptojacking, the number of incidences is expected to rise in the coming years.