Cryptojacking is everyone’s problem, even if you don’t do crypto


The boom in cryptocurrencies and NFTs also means a boom in cryptojacking attacks – here’s how to know when you’ve been cryptojacked.

Cryptocurrency is booming in Hong Kong as everyone, from local YouTubers to retailers, art galleries, and businesses, is selling virtual products or services as non-fungible tokens (NFTs). $37 billion of transactions have been made on the NFT marketplaces in 2022 as of May 1, and the active number of buyers and sellers continues to grow. Cryptocurrency will gradually become more prevalent and widely accepted as retailers and organisations leverage new technology such as the metaverse, AR/VR and NFTs to engage physically and digitally.

However, cybercrime is also likely to rise in volume and sophistication, given these technologies are relatively new.

According to Palo Alto Networks’ threat intelligence team Unit 42, cryptojacking is the most commonly seen attack on unsecured Kubernetes clusters. Google also estimated that 86% of compromised Google Cloud credentials were used to launch cryptocurrency mining attacks on the breached environment. This means that even individuals and companies who haven’t engaged in the crypto market need to be cautious, as attackers are now targeting computers, tablets, and even cloud services to mine cryptocurrency in the dark.

How does cryptojacking work and how does it harm the business?

Cryptojacking refers to the use of an individual’s or company’s devices, such as computers, smartphones, or even cloud servers, without their consent, to secretly mine cryptocurrency.

Cybercriminals do this by either getting the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser. When the malware is installed, a portion of your computer is taken over and controlled. The control happens anonymously as you continue to use the device, while the crypto mining code works in the background, undermining the performance of your devices and using your network to make money for free.

Computers and cloud servers are high-value assets to companies of all sizes in Hong Kong, and their performance is critical for business operations. From the second cryptojackers start to mine, the impaired performance of the devices and the damaged health of the network causes a direct loss of money.

Should companies leave cryptojacking malware unattended, they also run the risk of further lateral movement and data exfiltration, which will lead to contamination of the entire network and data leakage.

Detecting and preventing cryptojacking

It can be difficult to detect cryptojacking as the process is often hidden. However, there are some signs that individuals and companies can watch out for:

  • Decreased performance and draining battery: One of the key symptoms of cryptojacking is decreased performance on your computing devices. Be alert if your device is running slowly and your battery drains unusually fast.
  • Overheating: Cryptojacking is a resource-intensive process that can cause computing devices to overheat. This can lead to irreversible damage and shortened lifespan of the devices.
  • Unusual CPU usage: Abnormally high CPU usage even when you’re on a website with little or no media content could be a sign that cryptojacking scripts are running.
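
The "unusual CPU usage" sign can be checked mechanically. The following Python is an added example, not part of the original article: it flags any process or browser tab whose CPU stays high for a sustained period while no media content explains the load. The sample data, names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed samples: (seconds since start, name, CPU %, page has media content).
# "tab:" entries stand for browser tabs; every name and value here is made up.
TICKS = range(0, 300, 30)
SAMPLES = (
    [(t, "tab:video-site", 85.0, True) for t in TICKS]    # busy, but media explains it
    + [(t, "tab:text-blog", 92.0, False) for t in TICKS]  # busy with no media: suspicious
    + [(t, "backup-agent", 95.0 if t in (60, 90) else 3.0, False) for t in TICKS]  # short burst
)

@dataclass
class Finding:
    process: str
    start: int       # first sample of the high-CPU run (seconds)
    duration: int    # length of the run (seconds)
    mean_cpu: float  # average CPU % across the run

def find_sustained_cpu(samples, threshold=80.0, min_duration=120):
    """Return processes whose CPU stays >= threshold for >= min_duration seconds
    with no media content to account for it. Short bursts are ignored."""
    by_proc = defaultdict(list)
    for ts, name, cpu, has_media in samples:
        by_proc[name].append((ts, cpu, has_media))

    findings = []
    for name, rows in by_proc.items():
        rows.sort()
        run = []
        # The trailing sentinel closes a run that lasts until the final sample.
        for ts, cpu, has_media in rows + [(None, 0.0, False)]:
            if ts is not None and cpu >= threshold and not has_media:
                run.append((ts, cpu))
                continue
            if run and run[-1][0] - run[0][0] >= min_duration:
                mean = sum(c for _, c in run) / len(run)
                findings.append(Finding(name, run[0][0], run[-1][0] - run[0][0], mean))
            run = []
    return findings

if __name__ == "__main__":
    for f in find_sustained_cpu(SAMPLES):
        print(f"{f.process}: {f.mean_cpu:.0f}% CPU for {f.duration}s from t={f.start}s")
```

A flagged entry is a prompt for investigation rather than proof of mining, since legitimate workloads can also hold the CPU high for minutes.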

Cryptojacking criminals use techniques very similar to malware and ransomware attacks, so ensuring a secure enterprise network with threat detection and maintaining the security hygiene of individual workers are key.

Companies should ensure that their endpoint protection is robust and strong enough to detect threats and malware in real time. Cryptojacking malware is creative in bypassing detection, while cybercriminals are constantly using new attack methods. Solutions powered by machine learning will ensure your security protection is continuously learning from vast amounts of data to detect threats across multiple fronts. As with other malware measures, it is far better to install security before becoming a victim.

Both IT and general employees need to be educated on cybersecurity best practices, such as only visiting reputable websites and browsing within a properly reviewed whitelist, and avoiding clicking on links from suspicious emails and ads. Educating all employees about the common signs of cryptojacking will also enable IT teams to be prepared and respond immediately with a further investigation.

Cryptojacking should never be underestimated. It is an attack tactic that causes major disruption, damage, and cost to both individuals and businesses. By taking these measures, you can keep your computers working for you rather than for someone else. Companies should start developing a cybersecurity mindset to protect themselves and their assets, ensuring the safety of the business in the current cryptocurrency era.

By Wickie Fung, general manager of Palo Alto Networks (Hong Kong and Macau)
