Why cryptojacking is an overlooked security threat

How compute power from many organisations is being slyly diverted into cryptocurrency mining

Ransomware attacks like WannaCry and NotPetya have generated reams of news coverage this year, but another form of cyberattack is quietly on the increase: cryptojacking.

Readily available JavaScript tools allow cryptojackers to harness the CPUs of phones, tablets, PCs and servers, and use this collated power to validate cryptocurrency transactions before other miners. Their Bitcoin (or altcoin if they're mining another cryptocurrency) reward for providing this service comes at someone else's expense – and that someone, whether an individual or organisation, often has no idea their processing power has been hijacked.

“You could be browsing a website they've taken over through malware or by adding some JavaScript, and without your knowledge, without your approval, your laptop or your iPad's compute resources are now being used for mining cryptocurrency,” says Varun Badhwar, CEO and co-founder of RedLock, which monitors Microsoft Azure, Google Cloud Platform, and AWS for security and compliance risks. “This [type of attack] can impact anybody and everybody across the globe, regardless of what kind of system you're on and how many compute resources you have available.”

Although mining malware has been around since 2013, the release of the Coinhive JavaScript miner in September, together with soaring cryptocurrency values, has made cryptojacking increasingly appealing to hackers. However, Coinhive itself was not created for malicious purposes: it was intended as a means for websites to earn money by borrowing visitors' processing power to mine Monero, an untraceable cryptocurrency, instead of bombarding them with ads.

Nevertheless, there was – at least initially – no requirement for sites to tell people their CPUs were being 'borrowed' for mining purposes. Perhaps unsurprisingly, hackers soon began injecting Coinhive and copycat scripts into websites like PolitiFact.com and Showtime without the site owners' knowledge, effectively using their traffic as a means to access a vast number of CPUs and gain an edge over rival miners.

Mining malware typically remains hidden in the Task Manager, running for as long as a web page remains open. As for the scale of the problem, AdGuard recently reported that 220 sites on the Alexa top 100,000 list serve crypto mining scripts to more than 500 million people, generating a collective $43,000. “...right now it's not millions,” AdGuard said in a blog post on the issue, “but this money has been made in three weeks at almost zero cost.”
