Why cryptojacking will become an even larger problem in 2019

Cryptojacking was the runaway security problem in 2018, damaging devices in cybercriminals' pursuit of profits. As cryptocurrency prices fall, 2019 could see more attacks.


Cryptojacking attacks will continue to grow in 2019, topping the list of ESET's annual Cybersecurity Trends report, released on Tuesday. Cryptojacking is the practice of surreptitiously using the compute resources of target computers to mine for cryptocurrency, which is a computationally complex task.

While cryptocurrencies have potentially legitimate use cases, the compute resources needed to mine for them are sufficiently high that cryptocurrency mining is only marginally profitable unless the mining operation is particularly large-scale. The work of mining can, however, be distributed among different computers as part of a computational workgroup called a "mining pool." As part of this, cybercriminals are gaining control over arbitrary devices, using their compute resources to mine for cryptocurrencies, and pocketing the ill-gotten gains.

Cryptojacking was a burgeoning industry in the first half of 2018, enabled by the mining service Coinhive, which allows website owners to mine the Monero cryptocurrency on the devices of visitors, using JavaScript. While Coinhive is, prima facie, a legitimate operation, illegitimate users of the service seem to outnumber legitimate ones.


Earlier this year, 4,000 government websites in the US, UK, and Australia were infected through a vulnerability in a third-party assistive technology for people with visual impairments. Tens of thousands of other websites, including the L.A. Times, were infected due to improperly configured S3 buckets. Likewise, Android devices affected by cryptojacking attacks have been known to overheat to the point that the battery expands, causing damage to the device and potential injury to the user.

ESET points to research from the Technical University of Braunschweig's Institute for Application Security, which suggests that "web-based cryptojacking is common, but only moderately profitable." Likewise, ESET's own Tomáš Foltýn reported that "one in every three UK organizations was hit by cryptojacking in April 2018."

Diminishing returns could actually lead to an increase in such attacks, as the value of Monero has hovered around $40-45 USD since November 2018, compared to a peak of $474 in January 2018.

Users can keep their systems safe by blocking cryptojacking scripts from running on their systems. TechRepublic's Jack Wallen offers his advice on how to block cryptojacking in Firefox, while ESET cautions that many non-browser cryptojacking attacks are spread through the EternalBlue vulnerability, a flaw in Microsoft's implementation of the SMB1 protocol that allows hackers to send maliciously crafted packets and execute arbitrary code on a vulnerable computer. Patching this critical vulnerability (and disabling legacy SMB1 connections) is a good defense against this attack.
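One way a script blocker or site audit can recognise browser-based miners such as the Coinhive scripts described above, shown as an added example that is not from the article or from any tool it names. The blocklist contents, function names and sample page are assumptions constructed for illustration.

```javascript
// Blocklist of miner-hosting domains. coinhive.com is the service named in the
// article; a real filter would load a maintained list instead (assumption).
const MINER_HOSTS = ['coinhive.com'];
// Inline indicator: instantiating the miner object exposed by Coinhive's script.
const INLINE_MINER = /\bnew\s+CoinHive\.\w+\s*\(/;

// Match the domain itself or a subdomain, but not look-alikes such as
// "notcoinhive.com" or "coinhive.com.example.net".
function isBlockedHost(host) {
  const h = host.toLowerCase().replace(/\.$/, '');
  return MINER_HOSTS.some((d) => h === d || h.endsWith('.' + d));
}

// Return one finding per <script> element that loads from a blocked host or
// contains the inline indicator. Regex tag matching is a simplification; a
// production scanner would use a real HTML parser.
function findMinerScripts(html, pageUrl) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const srcRe = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const m = srcRe.exec(attrs);
    if (m) {
      const src = m[1] ?? m[2] ?? m[3];
      try {
        // Resolving against the page URL handles relative and "//host/..." forms.
        const url = new URL(src, pageUrl);
        if (isBlockedHost(url.hostname)) findings.push({ type: 'external', value: url.href });
      } catch { /* unparseable src: nothing to resolve */ }
    }
    if (INLINE_MINER.test(body)) findings.push({ type: 'inline', value: body.trim().slice(0, 60) });
  }
  return findings;
}

// Constructed sample page (not from the article).
const SAMPLE_HTML = `
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE-KEY-PLACEHOLDER'); miner.start();</script>
<script src="/static/app.js"></script>
<script src="https://coinhive.com.example.net/lib.js"></script>`;

console.log(findMinerScripts(SAMPLE_HTML, 'https://news.example.org/story'));
```

The suffix check on the parsed hostname is what keeps the look-alike host in the last sample tag from matching; a plain substring search on the URL would flag it.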

The big takeaways for tech leaders:

  • Cryptojacking is the practice of surreptitiously using the compute resources of target computers to mine for cryptocurrency, which is a computationally complex task.
  • Diminishing returns could actually lead to an increase in such attacks, as the value of Monero has hovered around $40-45 USD since November 2018, compared to a peak of $474 in January 2018.
