Why cryptojacking is an overlooked security threat

Why cryptojacking is an overlooked security threat

Ransomware attacks like WannaCry and NotPetya have generated reams of news coverage this year, but another form of cyberattack is quietly on the increase: cryptojacking.

Readily available JavaScript tools allow cryptojackers to harness the CPUs of phones, tablets, PCs and servers, and use this collated power to validate cryptocurrency transactions before other miners. Their Bitcoin (or altcoin if they're mining another cryptocurrency) reward for providing this service comes at someone else's expense – and that someone, whether an individual or organisation, often has no idea their processing power has been hijacked.

“You could be browsing a website they've taken over through malware or by adding some JavaScript, and without your knowledge, without your approval, your laptop or your iPad's compute resources are now being used for mining cryptocurrency,” says Varun Badhwar, CEO and co-founder of RedLock, which monitors Microsoft Azure, Google Cloud Platform, and AWS for security and compliance risks. “This [type of attack] can impact anybody and everybody across the globe, regardless of what kind of system you're on and how many compute resources you have available.”

Confused by cryptocurrencies? Check out: What you need to know about cryptocurrencies

Although mining malware has been around since 2013, the release of the Coinhive JavaScript miner in September, together with soaring cryptocurrency values, have made cryptojacking increasingly appealing to hackers. However, Coinhive itself was not created for malicious purposes: it was intended as means for websites to earn money by borrowing visitors' processing power to mine Monero, an untraceable cryptocurrency, instead of bombarding them with ads.

To continue reading...

Please login or register to view your article. If you do not have or do not remember your password, please click on the “Forgotten your password?” link at the bottom.
If you do not yet have a password but are an existing user, please use the “Forgotten your password?


«What will be the single biggest security threat of 2018?


101: The quantum vendor market race is hotting up»
Duncan Jefferies

Duncan Jefferies is a London-based freelance journalist who writes about technology, digital culture and sustainability.

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



If it were legal, would your organization hack back?