In cryptojacking, criminal hackers use enterprise computers to mine cryptocurrencies like bitcoin without the organization’s knowledge or consent, escaping the upfront costs of buying computers or computer processing power for the job. Meanwhile, the organization suffers productivity loss and infections of hardware and software. Affected organizations lose some of their return on investment in the electricity running those machines, too.
Worst of all, infections common in cloud environments can cost the business big bucks. Once inside the cloud, cryptojackers can initiate new workloads on virtually limitless resources, causing cloud usage bills to skyrocket.
The sudden growth of these malicious cryptomining exploits is of great concern. Cryptojacking has already replaced ransomware as the No. 1 threat facing enterprises; cryptojacking is more profitable and requires less effort and risk than ransomware, according to ITProPortal and Forbes.
These illegal cryptomining capers infect company computers, servers and even smartphones using computer programming code and malicious software such as scripts and malware. Cryptojackers infect computer web browsers when employees surf websites that secretly run the malicious scripts. Cryptojackers also use fake or infected ads on the internet to unleash cryptomining scripts on web browsers.
Cryptojackers can hack into company servers and workstations to add cryptomining software. Employees can unwittingly download malicious mobile apps containing the unauthorized cryptomining exploits. Phishing attacks can also open the door to these exploits.
Illicit cryptominers seize a computer’s or device’s processor to mine the cryptocurrency. When this happens, organizations using monitoring tools to pinpoint spikes and anomalies in processor activity may see increased activity during off hours, when processor workloads should be decreasing. And since cryptojackers’ schemes tax computer resources, organizations should monitor their systems for heat anomalies and their processors for signs of overwork.
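As an added example of the off-hours monitoring described above (not code from the original article), the following Python flags sustained processor load outside business hours while ignoring a short spike such as a scheduled job. The business-hours window, the thresholds and the hourly sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

BUSINESS_HOURS = range(8, 18)  # assumed: 08:00-17:59 local time, Mon-Fri
MIN_RUN = 3                    # assumed: consecutive off-hours samples required
MARGIN = 10.0                  # assumed: percentage points above the baseline

def is_off_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def off_hours_anomalies(samples):
    """samples: time-ordered, evenly spaced (datetime, cpu_percent) for one host.
    Returns (start, end, mean_cpu) for each sustained off-hours run above the
    business-hours median plus MARGIN."""
    busy = [cpu for ts, cpu in samples if not is_off_hours(ts)]
    if not busy:
        return []  # no business-hours baseline to compare against
    threshold = median(busy) + MARGIN
    runs, current = [], []
    for ts, cpu in samples:
        if is_off_hours(ts) and cpu > threshold:
            current.append((ts, cpu))
            continue
        if len(current) >= MIN_RUN:  # run ended; keep it only if sustained
            runs.append(current)
        current = []
    if len(current) >= MIN_RUN:      # run still open at end of data
        runs.append(current)
    return [(r[0][0], r[-1][0], round(sum(c for _, c in r) / len(r), 1))
            for r in runs]

def constructed_samples():
    """Constructed hourly data: Mon 2024-01-08 00:00 through Wed 23:00."""
    start = datetime(2024, 1, 8)
    out = []
    for h in range(72):
        ts = start + timedelta(hours=h)
        cpu = 8.0 if is_off_hours(ts) else 45.0   # normal daily pattern
        if ts == datetime(2024, 1, 8, 23):        # one-hour scheduled job
            cpu = 90.0
        if datetime(2024, 1, 9, 22) <= ts <= datetime(2024, 1, 10, 5):
            cpu = 97.0                            # sustained overnight load
        out.append((ts, cpu))
    return out

if __name__ == "__main__":
    for start, end, mean_cpu in off_hours_anomalies(constructed_samples()):
        print(f"{start:%a %H:%M} to {end:%a %H:%M}: mean CPU {mean_cpu}%")
```

On the constructed data, the one-hour Monday night spike is ignored and only the eight-hour Tuesday night run is reported.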
Layered protections against malware infections can help slow the progress of malicious cryptomining. Good anti-phishing solutions and education programs can also mitigate the threat. Finally, blacklisting bad sites and performing routine software patching can likewise guard against malware.
For cryptojackers who usurp web browsers, organizations can set up special tools and protocols to disable the associated scripts. Organizations should ask existing security product vendors what specific capabilities and features they offer to detect and block cryptojacking.
To avoid malware hidden in mobile apps that infect smartphones and mobile devices, block all sources of app installs except approved app stores. Do not permit any enterprise devices to be unlocked or jailbroken, since that would allow installs from other sources. On mobile devices and any computers, block all installs that the internal information technology or security team does not initiate. These measures will ensure that all apps come from approved sources through approved channels.
Businesses can delete cryptojacking malware using removal instructions from trusted cyberthreat intelligence sources. Once the organization removes the malware, blocks the sources of infection, implements appropriate security measures, and checks that all remaining symptoms and traces of the infection are gone, it can get back to business. Data backup and recovery can ensure that all affected machines are restored to their former state.
Cryptojacking has become an epidemic, but mobile and anti-cryptomining security solutions can defuse this looming threat. Organizations that use layered security measures such as routine software patching, anti-phishing tools and education, and blacklists will be prepared to fend off these escalating attacks.