Cryptomining: how to protect your business

May 29, 2018 James McNab

If your business isn’t accepting cryptocurrency, it’s probably only a matter of time. This payment method, which uses Bitcoin and other similar digital currencies, can mean real benefits for small businesses. Not only does it cut out the middleman - significantly lowering transaction fees - but it can attract consumers who are looking to use this method of payment, and provide small businesses with a way to expand overseas.

What is cryptojacking?

But with any new innovation comes risk, and cryptocurrency is no exception. Because cryptocurrency is a fully online process, hackers can mine it by planting malicious code in a web browser that will then hijack the user's CPU to mine cryptocurrencies - this process called cryptojacking.

Cryptojacking is often done without a victim’s knowledge, and can significantly slow down computer performance by draining the Central Processing Unit (CPU) power. With the increase in the popularity of cryptocurrency like Bitcoin, many criminals are using cryptojacking to pull in profit.

It’s becoming a big problem, and fast. Many recent reports have found that illicit cryptomining increased by more than 1,000 percent last year. According to the U.K.’s National Cyber Security Center (NCSC), the incidences of cryptomining will continue to rise significantly. Cisco’s Talos team released a blog in January explaining the reasons for this massive growth and noted that one of the most popular mining targets, Moreno, saw a 3000% increase in 2017.

In February, news reports that Tesla was a victim of cryptojacking surfaced, proving that individuals and big corporations alike can face vulnerabilities. Wired reports that some of Tesla's Amazon Web Services cloud infrastructure was found to be running the mining malware. Although the problem was fixed quickly and data exposure was reported to be minimal, it still demonstrates how it can affect anyone, at any time.

How harmful can cryptojacking be?

Cryptojacking can affect different businesses and different sectors in different ways. Take industrial control system (ICS) devices as an example. ICS powers much of our critical infrastructure, and these devices are often purpose-built with just enough system resources to perform their intended functions. The processing resources required for cryptojacking can be enough to overwhelm such devices, potentially causing service delivery degradation or outage. That would be a critical problem for a power grid.

"What we have seen is a shift away from ransomware to cryptojacking," says Talos Outreach Manager Mitch Neff. "The question is, is that better or worse? Data isn't lost, but resources are stolen, power bills increase at scale, and productivity takes a hit… these all cost real dollars to a company."

"In the short term, the shift to cryptomining from ransomware has great appeal," says Talos Senior Technical Leader and Security Outreach Manager Craig Williams, "Networks stay up and services remain intact. The problem is, this business model can potentially leave the bad guys with more money than ever before."

Companies are addressing this growing threat in different ways. Google, for example, has announced a ban on all Chrome extensions in the Chrome Web Store that might be used to initiate a cryptojacking attack. A blog post from the tech giant states that around 90% of these cryptojacking extensions were ignoring Google's policies, instead using these extensions to host cryptomining code. Other tech companies are working hard to update products so they can better detect and protect against this new class of threat.

The future of cryptojacking

The sophistication and type of cryptomining attacks is likely to grow over time. Talos recently studied a cryptocurrency called Bitvote, and while it has yet to turn much of a profit for its illicit miners, the methods used to mine Bitvote show a different level of sophistication than what Talos has previously seen. We are still in the relatively early days of illicit cryptomining, but it’s safe to say that we can only expect to see more sophisticated players enter this arena.

Steps to prevent cryptojacking

So how do you prevent unwanted cryptomining software from getting onto computers within your organisation? Being proactive is the first and most important step. This includes:

  • Using Task Manager for Windows or Activity Monitor for Mac OS X to see if there are spikes in resource usage when visiting certain websites.
  • Disabling JavaScript in the browser.

It's crucial to be aware of current threats and malware in order to keep you and your organisation secure. Learn everything you need to know about cybersecurity with Cisco's 2018 Annual Cybersecurity Report, where experts break down everything from malware sophistication to encryption and machine learning.

For more extensive technical information and recommendations on how to defend against different methods of attack, get the full cryptomining whitepaper.


About the Author

James McNab

James leads Cisco’s cybersecurity marketing across Europe, Middle East, Africa and Asia Pacific. He is passionate about helping customers enhance their ability to detect and block cybersecurity threats quickly and effectively so that they can focus on serving their customers and growing their business.

Follow on Twitter Follow on Linkedin More Content by James McNab
Previous Article
Cyber security small business trends 2018 – infographic
Cyber security small business trends 2018 – infographic

Next Article
Ransomware: Why do hackers target SMBs?
Ransomware: Why do hackers target SMBs?

Read the latest Cyber Security trends

Get the report