Mining cryptocurrency can be big business, with organizations and individuals alike mining cryptocurrency to generate income. The processing power needed to mine cryptocurrencies has resulted in a new kind of threat known as cryptojacking, which illicitly uses as much of a device’s CPU as it can muster. The past few months have seen a huge rise in cryptojacking, yet many organizations are unaware of it and what it can do. Preventive measures include awareness (for the service desk), education (around phishing, for users), and technology deployments.
Mining cryptocurrency takes a significant amount of computing power, more than individual computers can provide. If an individual or organization decides to pursue this way of making money, significant investment is required into the computing power needed, as well as the cost of the electricity to run the computers.
Some organizations have chosen to use crypto mining as a replacement for ad revenue. Entirely above board, users can make a choice to accept that website using their computer to mine cryptocurrency for the period that the individual is on their website.
However, the new threat on the block, cryptojacking, which often uses botnets, takes over other computers (without the user’s knowledge or consent) to harness computing power in the quest for cryptocurrency, using methods including a phishing link in an email, content in a browser, or online advertisements. According to the Internet Security Threat Report (ISTR) from Symantec, cryptojacking attacks went up by 8,500% in 2017, with the vast majority of the increase taking place in the final quarter of the year when the value of many publicly traded cryptocurrencies soared.
Users might notice their computer running more slowly than usual, but other than that may be unaware that their machine has been cryptojacked and is being used to mine cryptocurrency. Yet, it still costs organizations and individuals in productivity and computing power.
Having only fairly recently emerged as a threat, defending against cryptojacking first requires that those charged with protecting an organization’s information and systems know about it and the effects on processing power. When users contact a helpdesk with a problem that includes a slow-running computer, cryptojacking can then be included in the analysis of the machine.
Installing preventive measures such as ad blockers and anti-cryptomining extensions can contribute to protecting the organization. Ad blockers have a well-known downside, in that some websites can prove more difficult to navigate, and specific websites may need pop-ups-enabling (a time-consuming exercise for the service desk or user). Anti-cryptomining extensions can also be used to pick up both authorized and unauthorized cryptomining on a machine.
As with most threats, organizations need to protect in layers: awareness and education (covering people and process) supplemented by technological controls.
A version of this article was originally produced for Computer Weekly in April 2018.
ICT Enterprise Insights 2017/18 – Global: ICT Drivers and Technology Priorities, PT0099-000002 (September 2017)
Maxine Holt, Research Director, Infrastructure Solutions