Cryptojacking: How it Harms Your Business

Cryptocurrency has taken the world by storm, with prices of cryptocurrencies, like Bitcoin, reaching epic levels. However, cryptocurrency requires massive computing resources to generate or "mine" the digital currency. Cryptojacking is a method used to mine cryptocurrency by hijacking computing resources from individuals' or companies' computers. Recent research identified over 332 million cryptojacking attacks worldwide.
What is Cryptojacking?

Cryptomining requires large amounts of computer power to create cryptocurrency. When registering a cryptocurrency to the blockchain, a computer must perform complex mathematical calculations. Cybercriminals hijack multiple computers (nodes) to perform this resource-intensive work by infecting the mesh of computers and cloud resources with cryptojacking malware. The malware is delivered using methods like phishing, or hackers may inject malicious JavaScript code into a website, which will auto-install via vulnerabilities in a victim's browser.
Cryptojacking attacks are often long-standing and designed to avoid detection, resulting in damage to computers and financial losses. Cryptojacking malware is often worm-like and can spread across networks and cloud resources, making removal challenging.
How is Cryptojacking Malware Delivered?
Cybercriminals use various techniques to infect computers with cryptojacking malware. The most common methods are as follows:
Phishing
Phishing emails are sent to targeted victims. They may contain malicious links to infected websites or infected attachments. Phishing emails are becoming harder to detect, with cybercriminals using AI and evasive tactics to hide malicious content.
Infected Websites or Malicious Online Ads
Hackers can take control of websites and use them to run malicious scripts in vulnerable browsers when a user visits the site. The scripts run, mining cryptocurrency every time a visitor with a vulnerable browser navigates to the website. Over 4000 government and public service websites were infected with cryptojacking scripts. Anyone visiting an infected website was at risk of becoming a cryptojacking victim.
Similarly, "drive-by-mining" describes the use of malicious ads to carry out cryptomining without knowledge or consent.
Using the Software Supply Chain
Cryptojacking malware may be distributed via the software distribution supply chain. Cybercriminals hide malicious scripts in software updates or in open-source libraries.
Compromised Cloud Resources
Cloud infrastructure with unsecured APIs, vulnerabilities in cloud components, or misconfigured components can be hijacked by cryptojacking. Recent Google research found that 86% of compromised Cloud instances were used to perform cryptocurrency mining.
The Financial Implications of Cryptojacking on Your Business
Cryptojacking may not be as high-profile as ransomware attacks or data theft, but it causes enormous harm:

Business Disruption
Cryptojacking malware and malicious JavaScript cause device slowdowns. The costs associated with productivity losses stack up. A survey exploring productivity found that employees can waste up to two days per year on slow computers.
Spike in Electricity Use and Costs
Crypto mining requires large amounts of electricity to perform complex computations. Crypto miners need to hijack $53 worth of system resources to earn $1. If your network computers or cloud infrastructure are infected with cryptojacking malware, expect to see large electricity bills.
Security Risks
If cryptojacking malware is installed on your computers, you know your security is lacking. If security is breached, you should expect a high risk level. A high-risk level means there is a potential for further attacks, including ransomware and data theft. The cost of downtime from a ransomware infection is estimated to be $25,620 for SMBs and $540,000 for enterprises per hour.
Exposure to Legal Liability
If a business unknowingly sends cryptojacking malware to another organization, it could face legal liability and large costs to cover solicitors' and court fees.
Device Damage
The massive CPU usage required to mine cryptocurrencies can lead to computer burnout.
Reputation Damage
Customers and clients expect companies to take security seriously. Reputational loss is difficult to quantify; however, if your company is identified as the victim of a cryptojacking attack, you may lose customer trust and business.
Signs Your Computer is Infected with Cryptojacking Malware

There are several signs that your computer may be infected with resource-hungry cryptojacking malware:
- Your computer's CPU usage is high, even when no apps are running.
- If you open Task Manager or another system monitoring tool, you will see unknown processes using a very high % CPU.
- Your computer fan runs continually, and the computer feels hot.
- If this is browser-based cryptojacking, your browser will show excessive CPU usage.
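
The first two signs can be checked programmatically. The following is an added example, not part of the original article: it samples per-process CPU time from Linux /proc and reports processes that stay at or above a threshold in every sampling interval and are not on an allowlist. The process names, the 80% threshold and the sample data are constructed assumptions.

```python
import os

# Kernel clock ticks per second; 100 is a fallback for systems without sysconf.
CLK_TCK = os.sysconf("SC_CLK_TCK") if hasattr(os, "sysconf") else 100


def read_snapshot(proc="/proc"):
    """Return {pid: (name, cpu_ticks)} using utime + stime from /proc/<pid>/stat."""
    snap = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc}/{entry}/stat") as fh:
                raw = fh.read()
        except OSError:  # process exited between listdir() and open()
            continue
        # The name sits in parentheses and may itself contain spaces or ')'.
        name = raw[raw.index("(") + 1:raw.rindex(")")]
        fields = raw[raw.rindex(")") + 2:].split()
        snap[int(entry)] = (name, int(fields[11]) + int(fields[12]))
    return snap


def sustained_hogs(snapshots, interval_s, threshold_pct=80.0, allow=(), clk_tck=CLK_TCK):
    """Return (pid, name) pairs at or above threshold_pct of one core in every interval."""
    hogs = None
    for prev, cur in zip(snapshots, snapshots[1:]):
        busy = set()
        for pid, (name, ticks) in cur.items():
            old = prev.get(pid)
            # Skip new PIDs and reused PIDs (name changed or counter went backwards).
            if old is None or old[0] != name or ticks < old[1]:
                continue
            pct = (ticks - old[1]) / (clk_tck * interval_s) * 100
            if pct >= threshold_pct and name not in allow:
                busy.add((pid, name))
        hogs = busy if hogs is None else hogs & busy
    return sorted(hogs or [])


# Constructed sample: three snapshots taken 5 s apart at 100 ticks per second.
SAMPLE = [
    {101: ("browser", 1000), 202: ("mystery_svc", 5000), 303: ("backup", 200)},
    {101: ("browser", 1050), 202: ("mystery_svc", 5490), 303: ("backup", 690)},
    {101: ("browser", 1500), 202: ("mystery_svc", 5985), 303: ("backup", 700)},
]

if __name__ == "__main__":
    # Only mystery_svc stays busy in both intervals; the others are short bursts.
    print(sustained_hogs(SAMPLE, interval_s=5, clk_tck=100))
```

On a live Linux host, build the snapshot list from repeated read_snapshot() calls spaced interval_s seconds apart.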
How To Protect Your Business From Cryptojacking Attacks
Cryptojacking cybercriminals rely on vulnerable systems and people. The following security measures are recommended to protect your company from becoming an unwitting cryptominer:
Timely Patching
Browser-based cryptojacking exploits browser vulnerabilities. Therefore, keep browsers patched and up-to-date.
Advanced Anti-Malware / Endpoint Security
Traditional anti-virus software can be easily evaded by modern malware, like cryptojackers. However, Next-Generation Anti-virus (NGAV) software uses advanced technologies, like AI and behavioral analysis, to identify evasive malware.
Security Awareness Training
Cybercriminals may use phishing to initiate a cryptojacking malware infection. Educate your employees about the dangers of phishing and how to identify potential phishing messages. Phishing simulations that modify the training based on an individual's behavior are useful methods to reduce phishing risk.
Also, educate employees about safe internet use. An example of the innovativeness of cybercriminals is a recent case where the attackers hid cryptojacking scripts in a malicious HTML file featuring the image of the late athlete Kobe Bryant. The image was a downloadable wallpaper. Anyone downloading the wallpaper became a victim of cryptojacking.
Install an Ad Blocker
Some cryptojacking attacks use malicious ads to run JavaScript code that hijacks machines to mine crypto. By blocking ads, your company can prevent employee browsers from being hijacked. Blocking JavaScript in the browser can also help. However, JavaScript is used legitimately by many websites, so blocking it leaves your web experience degraded.
API Security
Cybercriminals are known to target APIs for cryptojacking. A recent attack used the Docker Engine API to initiate a large-scale cryptojacking attack. API security is essential to prevent these mass-broadcast cryptojacking attacks.
Secure Cloud and Container Environments
Cloud and container resources must be protected against cryptojacking. This level of security is typically provided by a managed service provider or Security Operations Center (SOC). Some cloud infrastructures, like Google Cloud, provide anti-cryptojacking capabilities.
Robust Access Control and Authentication
Robust login credentials and least-privilege access enforcement are fundamental layers preventing unauthorized access to cloud and network resources.
Web Application Firewall (WAF)
A firewall can detect and block malicious websites or infected computers that can connect to mining nodes.
Secure Your Supply Chain
Check any source code updates from suppliers in an isolated environment before releasing them into production.
FAQs

Why is cryptojacking popular?
Cryptojacking is a popular method of making money for cybercriminals. By using other people's computers as multiple nodes in a cryptomining mesh, cybercriminals make money from mining crypto without paying the high cost overheads for electricity and powerful mining computers.
What are the legal risks to a company that is a victim of cryptojacking?
If your company is a victim of cryptojacking, you may be legally liable for privacy violations, as the malware potentially has access to sensitive data. If you inadvertently infect another computer, for example, a partner company in your supply chain, you could be liable for damage to their systems.
Some certification authorities will withdraw cybersecurity certification if an organization is found to be infected with cryptojacking malware. One authority states this: "Cryptojacking is illegal and violates privacy regulations. Organizations found facilitating or tolerating such activities may face legal consequences and lose their Cyber Essentials certification, tarnishing their reputation and credibility".
How can you remove cryptojacking malware?
Cryptojacking malware is challenging to remove. You must first detect the malware and quarantine the files before removing them. Some advanced anti-virus software may be able to perform malware removal. However, it is recommended that you use a security professional to carry out the removal process.