Maksim Kabakou - Fotolia
Security Think Tank: Cryptojacking can be costly
How can organisations best defend against cryptojacking?
After several months of cryptocurrency – particularly bitcoin – featuring in media headlines, it is no surprise that cryptojacking has come to the fore as a rising threat for 2018.
Cryptojacking is the unauthorised use of a target’s computer, mobile device or server to mine cryptocurrency. This can be done by compromising websites with JavaScript code that will automatically execute via the target’s web browser, or delivering a payload via phishing tactics to place cryptomining script on a computer or server.
Unlike many other types of malware, the purpose of cryptojacking is not to steal data, but to covertly hijack the computer processing power of the device. This can cause devices to consume more power, overheat, lag in performance and potentially destruct, which can disrupt business processes.
The implications can be particularly costly for an organisation if their corporate servers are the target of a cryptojacking attack.
Cryptojacking can be difficult to detect, particularly if it is performed in-browser. Organisations should monitor any anomalies or spikes in the use of computer power (and electricity), and proactively examine cryptojacking as a possible cause for system degradation.
To protect against cryptojacking, organisations should take a layered approach, which may include the following measures:
- Applying anti-mining browser extensions, such as NoCoin, MinerBlock, Coin-Hive Blocker
- Disabling Java on specific websites
- Blocking known mining domains
- Tuning antivirus and antimalware software to detect adware and potentially unwanted programs.
Legitimate cryptomining models may become the new normal. Web content providers could fund their services by offering consumers a choice – view pop-up adverts or enable cryptomining using idle CPU time.
Users dislike adverts, especially prominent ones that get in the way of their ability to read a web page. A nice clean page while the user’s CPU mines cryptocurrency in the background may be preferable over intrusive pop-ups.
Read more from Computer Weekly’s Security Think Tank about cryptojacking
Online media firm Salon.com pioneered this approach in early 2018, allowing users to opt in to cryptomining for an ad-free experience. Such business models may eventually undercut the criminal gains of cryptojacking.
This concept is very familiar if we cast our minds back some 20 years to the SETI@Home programme, and more recently the Folding@Home project, where users volunteered to run a screensaver that used their computing resources while away from their desk. So perhaps this is really nothing new.