Cybercrime is a business, and cybercriminals are constantly looking for ways to monetize their attacks. Along with ransomware, cryptojacking is a common method for cybercriminals to turn their access to an organization’s systems into profit. Cryptojacking malware uses an organization’s computational resources to earn rewards in cryptocurrency for the attacker on a blockchain platform.
Cryptojacking attacks are designed to take advantage of the Proof of Work consensus algorithm used by many blockchains and cryptocurrencies. Proof of Work is designed to decentralize the process of creating blocks to update the blockchain’s distributed ledger. By randomly selecting block creators, the blockchain limits the ability of an attacker to exert too much control over the ledger and rewrite the blockchain’s history.
In Proof of Work, the block creator is selected by having miners search for a valid block header, where validity is defined as having a hash value less than a set threshold. The only way to find such a block is by testing potential headers. As a result, the miner with the most computational power at their disposal has the highest probability of finding a valid block and claiming the associated reward.
Cryptojacking malware enables an attacker to steal other people’s computational power for use in their attacks. The malware runs on the infected machine and performs the guess-and-check operations needed to find a valid hash for a block header. By increasing the attacker’s access to computing resources, cryptojacking malware increases the chance of earning block rewards, turning a profit for the attacker at the expense of the owner of the compromised computer.
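The guess-and-check search and the link between computing share and reward described above can be seen in a small model. This is an added example, not code from the original article: SHA-256, the toy header bytes, the function names and the hash rates are all assumptions chosen for illustration.

```python
import hashlib

MAX_HASH = 1 << 256  # SHA-256 outputs are integers in [0, 2**256)


def threshold_for(zero_bits: int) -> int:
    """Threshold under which a hash counts as valid (more zero bits = harder)."""
    return MAX_HASH >> zero_bits


def header_hash(header: bytes, nonce: int) -> int:
    """Hash of a toy header plus nonce, as an integer.
    SHA-256 is a stand-in; real chains define their own hash and header layout."""
    digest = hashlib.sha256(header + nonce.to_bytes(8, "little")).digest()
    return int.from_bytes(digest, "big")


def search(header: bytes, threshold: int, max_tries: int = 1 << 20):
    """Guess-and-check: return (nonce, attempts), or (None, max_tries) on failure."""
    for nonce in range(max_tries):
        if header_hash(header, nonce) < threshold:
            return nonce, nonce + 1
    return None, max_tries


def expected_attempts(threshold: int) -> float:
    """Each guess succeeds with p = threshold / 2**256, so the mean is 1 / p."""
    return MAX_HASH / threshold


def win_probability(own_rate: float, network_rate: float) -> float:
    """Chance that a given block is found by this miner: its share of all guesses."""
    return own_rate / network_rate


def average_attempts(zero_bits: int, samples: int) -> float:
    """Measured mean attempts over `samples` constructed toy headers."""
    threshold = threshold_for(zero_bits)
    total = sum(search(b"toy-header-%d" % i, threshold)[1] for i in range(samples))
    return total / samples


if __name__ == "__main__":
    bits = 10
    print("expected attempts:", expected_attempts(threshold_for(bits)))
    print("measured average: ", average_attempts(bits, 50))
    # Constructed numbers: 200 hosts at 500 H/s each against a 1 GH/s network
    print("share of blocks:  ", win_probability(200 * 500, 1e9))
```

No shortcut exists in the search loop: the only way to lower the time to a valid hash is to run more guesses per second, which is why the cost lands on whoever owns the processors doing the hashing.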
Cryptojacking malware can come in a few different forms. Some infect a device and run as a standalone process. Other variants may be implemented as a script that runs in the user’s browser when they visit a malicious or compromised webpage. This malware is commonly designed to mine Monero, a privacy-focused cryptocurrency designed to be mined on general-purpose computers (instead of specialized hardware).
Cryptojacking first emerged as a major cybersecurity threat in 2018. At the time, it was one of the most common types of malware as cybercriminals exploited the rise in the value of cryptocurrency. After the value of many cryptocurrencies crashed in 2019, cryptojacking attacks largely fell off until recently.
In 2021, surging cryptocurrency prices have created new interest in cryptojacking attacks. While the original in-browser cryptojacking script, Coinhive, is no longer in operation, multiple copycat scripts are still active. Additionally, cryptojacking malware targets Internet of Things (IoT) devices, mobile phones, computers, and routers.
The modern cryptojacking attack does not focus solely on mining cryptocurrency. Instead, cybercriminals leverage their access to accomplish multiple goals, such as combining cryptojacking and data theft. These combined attacks provide cybercriminals with multiple methods to monetize their exploits.
Cryptojacking attacks are a growing threat that wastes an organization’s resources and endangers its cybersecurity. Some best practices for protecting against cryptojacking attacks and improving endpoint security include:
Protecting against cryptojacking attacks requires advanced threat protection across all attack vectors and an organization’s entire IT ecosystem. Check Point Harmony Endpoint offers AI-driven prevention of known and zero-day threats and behavioral analytics to identify attempted exploits.