Five Ways to Catch Crypto-Miners on Your Network

By Maria Korolov

Contributing Writer,

CSO |

Hackers are turning to cryptojacking — infecting enterprise infrastructure with crypto mining software — to have a steady, reliable, ongoing revenue stream. As a result, they’re getting very clever in hiding their malware.

[ Learn how new cryptocurrencies offer better anonymity, new security challenges.

| Sign up for CSO newsletters.

]

Enterprises are very much on the lookout for any signs of critical data being stolen or encrypted in a ransomware attack. Cryptojacking is stealthier, and it can be hard for companies to detect.

By Michael Nadeau

Senior Editor,

CSO |

Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.

[ How much does a cyber attack really cost? Take a look at the numbers. | Get the latest from CSO by signing up for our newsletters.

Subscribe to get all the news, info and tutorials you need to build better business apps and sites

We’ll update you weekly with all the latest news and tips you need to develop and deploy today’s business apps.

|

security

If 2017 was the year of the ransomware attack, then 2018, insofar as it can be defined by malware, was the year of cryptojacking.

In early 2018, the cryptocurrency market hit unprecedented levels, leading to a boom in cryptocurrency mining, both legal and illicit.

The important stories of innovation across the continent’s wide-ranging economies

Your computer could be secretly mining cryptocurrency—piggybacking on your computer’s processing power to confirm transactions and generate new and potentially lucrative coins—and you wouldn’t even be profiting from it. Incidents of malware containing crypto-mining tools have surged six-fold this year, according to IBM Managed Security Services. Here’s how to find out if you’ve been unwittingly committing your computing power to enrich someone else.

Open a resource monitor on your computer to check if CPU usage is abnormally high.

Cryptojacking malware has overtaken ransomware as the number one threat. Detecting and removing such threats has become more important than ever before. McAfee Labs’ Threats Report for 2018 states that “total ‘coin miner’ malware has grown more than 4,000% in the past year.”

Cryptojacking refers to the practice of gaining access to and using a computer’s resources to mine any cryptocurrency without the device owner’s knowledge or consent. Bitcoin is still the most popular cryptocurrency, and bitcoin mining malware is unsurprisingly among the top cryptojacking threats.

Unlike ransomware, bitcoin mining threats are not obtrusive and are more likely to remain unnoticed by the victim.

However, detecting cryptojacking threats is relatively easy.

If the victim is using a premium software security suite it is almost certain to detect any bitcoin mining malware.

Some websites might be using your CPU to mine cryptocurrencies like Bitcoin without your knowledge.

Mining of cryptocurrencies like Bitcoin can be lucrative.

But there’s a catch: it requires time and a lot of computing power.

If you could somehow spread those computing demands out among hundreds — and sometimes even thousands or millions — of unknowing users, it would greatly reduce the cost and time of mining expensive coins.

As nefarious as that sounds, it’s exactly what several websites were discovered to be doing by IT security company ESET in September last year.

Previously, criminals would go about hijacking someone else’s computer to mine coins through a malicious program that was installed.

Cybercriminals are always on the lookout for clever ways to turn new technology into money-making opportunities. Cryptojacking is one of their latest innovations

Cryptojacking is the unauthorized use of an individual or organization’s computer to secretly mine for cryptocurrency.

Cybercriminals are always on the lookout for clever ways to turn new technology into money-making opportunities.

Bitcoin or Cryptocurrency mining is the process by which Cryptocurrency transactions are verified and added to the public ledger, known as the block chain, and also the means through which new bitcoin are released. Anyone with access to the internet and suitable hardware can participate in mining.

The mining process involves compiling recent transactions into blocks and trying to solve a computationally difficult puzzle. The participant who first solves the puzzle gets to place the next block on the block chain and claim the rewards. The rewards, which incentivize mining, are both the transaction fees associated with the transactions compiled in the block as well as newly released bitcoin.

Cryptocurrency mining is painstaking, expensive, and only sporadically rewarding. Mining is competitive and today can only be done profitably with the latest ASICs.

One reply on “Five Ways to Catch Crypto-Miners on Your Network”