What We Have To Say

Don't miss out! Stay up to date on our latest articles.

Threat of cryptojacking can be overpowering (SRC Technologies)

May 30, 2018
Column by Chad Knaus,
SRC Technologies IT Systems Engineer

Threat of cryptojacking can be overpowering

The rise of digital currencies has spawned a new hazard for computer systems, whose operational capacity can be compromised by hackers who prey on unsuspecting cryptominers.

GREEN BAY, Wis. — Nearly everyone has heard about Bitcoin by now, even if you don’t really understand how to mine for it.  Bitcoin – and its dozens of competitors – is a new class of currency called “cryptocurrency.” These digital currencies are paid as a reward for digital mining, an activity that is like mining for gold in the physical world.

The problem with cryptocurrency mining is that it takes a lot of computer power – more than most people have to spare. So, there is a new threat to the operational potential of computers – personal computers at home and, even more so, banks of computers or computer networks in a business environment. That threat now has a name: cryptojacking.

Cryptojacking is essentially a hijacking of your personal or business computer resources. It is malware that secretly and silently uses these resources for cryptomining purposes. Since it takes massive computer resources to make any real money with cryptomining, cryptominers have discovered that by splitting up the processing into small chunks across numerous machines they can amass the large amounts of computer power needed to earn worthwhile volumes of cryptocurrencies, which are worth varying amounts of money depending on the type of currency mined.

Here’s how it works:

Savvy hackers commonly embed cryptojacking malware inside the JavaScript code on otherwise normal, safe web pages. When a user opens an infected website, their computer begins to run small bits of code that confiscate computer resources from that user – and in the vast majority of cases, this happens without the user’s knowledge or permission. In other words, cryptojacking steals your computer power and resources in order to do the heavy lifting of cryptocurrency mining on behalf of the miners so they don’t have to invest in the computer systems to do it on their own.

Clearly, this is a problem for individual and business users alike. In the business world, cryptojacking impacts computer performance, and when spread across numerous users or even the corporate network, it can have a direct impact on the business’ overall productivity and cause untold headaches for the IT department in trying to determine what is going wrong. But, take heart! There are some proactive steps you can take to combat this threat.

What Can You Do to Stymie Cryptojacking?

  • Renew Your Focus on Patching: Staying up to date with patches is extremely important in the fight against any kind of malware, and cryptomining is no different. Focus in particular on Windows and third-party patches, especially web browsers, so you don’t give cryptominers a key to your computer’s back door.
  • Scan for Viruses: While patching helps prevent malware attacks, they do still happen. So, it’s also critical to keep your anti-virus programs up to date and to run frequent full-system scans. This is a good practice, whether you’re concerned about cryptojacking or not.
  • Clean Up Browser Histories: OK, this may be a little tough, especially in a corporate setting, but you should consider purging the browser extensions of each user when they are no longer using them. A little easier for users to grasp and do on their own: Close or exit web browsers that are not actively being used. When they’re closed, they aren’t depositing malware code onto your users’ systems – or gaining access to your network’s infrastructure.
  • Know with Whom You’re Communicating: Since cryptominers are depositing malware on trusted sites, it’s often hard to avoid becoming infected with cryptojacking code. But there are a few safeguards you can put in place – both personally and professionally – to better clarify with whom your own personal computer, as well as your business users’ computers, are interacting. Start by implementing a browser ad blocker. Many can be turned on and off at will, so this shouldn’t be met with too much opposition from your organization’s users. Next, add some URL filtering and use a network monitoring solution so you have more control over and visibility into exactly what is taking place behind the scenes.

Chad Knaus is an IT systems engineer with SRC Technologies in Green Bay, Wisconsin. He has nearly 20 years of experience working with companies and schools on developing, maintaining and supporting technical infrastructure and system hardware and software, including data security.

About SRC: Located in Green Bay, Wisconsin, SRC Technologies is a managed service provider that offers IT infrastructure and data-security consulting and management to enterprise and midmarket organizations, enabling their IT to enhance business performance. For more information, visit srctechnologies.com.