Why You Should Care about Cryptocurrency Mining
It is a sure bet that you have heard the word Bitcoin at some point over the past couple of years. Many people followed the headlines of its rollercoaster ride in late 2017 as the world's best-known, and most valuable, cryptocurrency.
Cryptocurrency is digital currency that can be exchanged for goods and services. The world of cryptocurrency is complex and sometimes shady. But for our purposes here, what you really need to know is that the activity known as cryptocurrency mining—the process by which cryptocurrency transactions are verified and recorded—could pose a threat to your business's computer systems.
What is cryptocurrency mining?
Cryptocurrency transactions are recorded via a blockchain. The blockchain is updated, and the information regarding the transaction is recorded, by currency miners known as cryptominers. The first cryptominer to be able to authenticate a transaction and update the blockchain earns a bit of the cryptocurrency. Because cryptocurrencies can be incredibly valuable, cryptocurrency mining is thus very competitive.
Cryptomining is resource-intensive. Among other things, it requires specialized hardware, bandwidth, and a lot of electricity. So what do you do if you cannot access enough cryptomining resources on your own? Hijack someone else's system and use their resources.
Cryptojackers: Stealthy Thieves
Cryptojacking is one of the newer threats on the IT scene, having emerged with the rise of cryptocurrency. Cryptojacking involves gaining access to a computer, or an entire computer system, to mine cryptocurrency without the owner's knowledge or permission.
Cryptojacking, like many other cybersecurity threats, generally takes hold via infections or malicious links. If the crypominer uses a phishing approach, you may receive an email with a seemingly harmless link in it. Clicking on the link will run a code that releases a cryptomining script into your computer. Another means of cryptojacking is through a website or an advertisement that will execute the script when you visit the site or encounter the ad.
The major difference between cryptojacking and many other cybersecurity threats is that people may be working on cryptojacked computers without knowing it. Cryptomining does not cause the obvious harm that something like ransomware or a social engineering attack can do. Often, its only effect on individual computers will be slightly slower processing. For this reason, many hackers see cryptojacking as more attractive than something like a ransomware attack—they stand to make a good return with little of discovery, much less prosecution.
But before you start thinking this is, essentially, a victimless crime, imagine the slowdown effect extended from a single unit to an entire computer system. The hijacking of resources, including electricity and processing resources, as well as the time that may be spent trying to figure out why the system is slow, can add up to substantial costs. It is thus worth your while to do everything you can to avoid being cryptomined.
So what do you do if you cannot access enough cryptomining resources on your own? Hijack someone else's system and use their resources.
Guarding Against Cryptominers
Cryptomining is an example of a threat that can perhaps best be averted through training and awareness. As phishing is among the most common means by which mining scripts are introduced, ensure that your staff are alert to phishing attempts.
Obviously, cryptojacking that originates with legitimate websites is harder to avoid, and malicious ads may also be difficult to detect. Make sure to take the following steps to safeguard against mining from such sources.
- Use available anti-cryptomining extensions on all browsers
- Ensure that all browser extensions are kept up-to-date
- Use antivirus software that has the ability to detect cryptomining
- Install an ad blocker
- Update web filters regularly
Cryptominers, like most hackers, are always changing their tactics, so vigilance is the watchword here, as with all cybersecurity issues.
If you or your team have noticed that your computers have slowed down and your computer fans are on, reach out to CITI. Your computers may have been cryptojacked by cryptocurrency miners.