Cryptojacking attacks will continue to grow in 2019, topping the list of ESET’s annual Cybersecurity Trends report, released on Tuesday. Cryptojacking is the practice of surreptitiously using the compute resources of target computers to mine for cryptocurrency, which is a computationally complex task.
While cryptocurrencies have potentially legitimate use cases, the compute resources needed to mine for them are sufficiently high that cryptocurrency mining is only marginally profitable unless the mining operation is particularly large-scale. The work of mining can, however, be distributed among different computers as part of a computational workgroup called a “mining pool.” Cybercriminals exploit this by gaining control over arbitrary devices, using their compute resources to mine for cryptocurrencies, and pocketing the ill-gotten gains.
Earlier this year, 4,000 government websites in the US, UK, and Australia were infected through a vulnerability in a third-party assistive technology for people with visual impairments. Tens of thousands of other websites, including the L.A. Times, were infected due to improperly configured S3 buckets. Likewise, Android devices affected by cryptojacking attacks have been known to overheat to the point that the battery expands, damaging the device and potentially injuring the user.
ESET points to research from the Technical University of Braunschweig’s Institute for Application Security, which suggests that “web-based cryptojacking is common, but only moderately profitable.” Likewise, ESET’s own Tomáš Foltýn reported that “one in every three UK organizations was hit by cryptojacking in April 2018.”
Diminishing returns could actually lead to an increase in such attacks, as the value of Monero has hovered around $40-45 USD since November 2018, compared to a peak of $474 in January 2018.
Users can keep their systems safe by blocking cryptojacking scripts from running on their systems. TechRepublic’s Jack Wallen offers his advice on how to block cryptojacking in Firefox, while ESET cautions that many non-browser cryptojacking attacks are spread through the EternalBlue vulnerability, a flaw in Microsoft’s implementation of the SMB1 protocol that allows hackers to send maliciously coded packets which improperly grant them the ability to execute arbitrary code on a vulnerable computer. Patching this critical vulnerability (and disabling legacy SMB1 connections) is a good defense against this attack.
The big takeaways for tech leaders:
- Cryptojacking is the practice of surreptitiously using the compute resources of target computers to mine for cryptocurrency, which is a computationally complex task.
- Diminishing returns could actually lead to an increase in such attacks, as the value of Monero has hovered around $40-45 USD since November 2018, compared to a peak of $474 in January 2018.