Rise of the cryptojackers

March 12, 2019

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Put simply, it is malicious mining. Cybercriminals use various surreptitious means to install miner programs on other people’s computers (preferably in bulk), and take all of the profit from cryptocurrency mining without incurring any of the equipment or electricity costs.

If you are not familiar with cryptojacking, now is the perfect time to read up on it. Here’s why.

Explosive growth in cryptojacking

Logically, you might think that the fall in cryptocurrency values should have led to a decline in cryptojacking, because there is less profit to be had from it. But quite the opposite happened. At RSA Conference 2019, Cisco Umbrella analysts reported that the volume of cryptomining-related corporate traffic worldwide had increased about 200-fold during the year! This is a direct result of the rise of cryptojacking.

Most likely, it is because during the boom years people grew used to high yields from cryptomining. But after the market sank, and using one’s own equipment and electricity for mining became unprofitable, some decided to switch to a less-honest alternative — cryptojacking.

Who suffers the most from cryptojacking?

The main damage from cryptojacking is felt by small and medium-size businesses — the former account for about one-third of cryptomining traffic, the latter one-half. Enterprises’ share of the pain is just 18%, presumably because big business is more serious-minded about information security, whereas SMBs have a more relaxed attitude.

The distribution of cryptomining traffic by industry is interesting: In first place is the energy sector (34%), followed by education (26%) and healthcare (7%).

Cisco Umbrella statistics indicate that cryptojackers’ main target was North America: The US accounted for 62% of cryptomining traffic, with another 2% from Canada. EMEA is in second position with a more modest 6%. The biggest surprise was South Africa with around 2% of mining-related traffic, enough for third place.

How to protect against cryptojacking

Never underestimate the damage that cryptojacking can cause. Sure, malicious mining is far less destructive than ransomware. But the losses are direct — victims have to pay for computing power and electricity, which can translate into considerable sums.

What’s more, the very fact that some kind of illegal activity is being carried out on your company’s computers is not good news. It means your IT infrastructure has vulnerabilities. Today, they are being exploited for cryptojacking, but when that business becomes less lucrative, they will be put to some other purpose.

  • Use reliable security solutions, preferably with specially designed anticryptojacking technologies.
  • Also install protection software on embedded devices (public displays, terminals, etc.) and enable Default Deny mode where possible.
  • Monitor traffic: Frequent queries to domains of popular cryptomining pools are a clear sign that someone is mining at your expense. Ideally, add these domains to your domain block lists for all computers in your network — lists of such domains can be found online. New domains are constantly appearing, so be sure to update the list systematically.
  • Immediately investigate any abnormal increase in processor usage on cloud computing platforms such as Amazon EC2, Microsoft Azure, and others.
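
The traffic-monitoring advice above can be sketched as a check over DNS query logs. This is an added example, not part of the original article; the log format, the placeholder pool domains and the threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed placeholder block list; in practice, load a maintained list of pool domains.
POOL_DOMAINS = {"pool.miner-example.test", "xmr.pool-example.test"}

# Constructed DNS query log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2019-03-12T09:00:01Z 10.0.0.15 eu.pool.miner-example.test.
2019-03-12T09:00:31Z 10.0.0.15 EU.Pool.Miner-Example.test
2019-03-12T09:01:01Z 10.0.0.15 eu.pool.miner-example.test
2019-03-12T09:01:07Z 10.0.0.22 www.example.com
2019-03-12T09:02:13Z 10.0.0.22 notpool.miner-example.test
2019-03-12T09:02:40Z 10.0.0.31 xmr.pool-example.test
malformed line
"""

def matches_blocklist(qname, blocklist=POOL_DOMAINS):
    """Return the block-list entry that qname equals or is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare every label-aligned suffix, so "notpool.x" never matches "pool.x".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def pool_queries_by_client(log_text, blocklist=POOL_DOMAINS):
    """Count block-listed lookups per client IP, skipping malformed lines."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        _, client, qname = fields
        if matches_blocklist(qname, blocklist):
            hits[client] += 1
    return hits

def frequent_miners(log_text, threshold=3):
    """Clients with at least `threshold` pool lookups: candidates for investigation."""
    return sorted(c for c, n in pool_queries_by_client(log_text).items() if n >= threshold)

if __name__ == "__main__":
    print(pool_queries_by_client(SAMPLE_LOG))
    print(frequent_miners(SAMPLE_LOG))
```

Matching on whole labels rather than substrings keeps unrelated names that merely contain a pool domain's text out of the results, and the per-client count separates a one-off lookup from the frequent queries the article describes.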