In the age of rapidly evolving cyberthreats, it’s easy to focus our attention on the most dramatic exploits—the ransomware attacks that hold corporate networks hostage while demanding cryptocurrency payouts or the staggering breaches that expose massive amounts of our private data, for example. But another growing threat intentionally flies under the radar, hoping to go unnoticed: cryptojacking. Here’s a look at what cryptojacking involves and how you can protect your business from this newer and stealthier threat.
What Is Cryptojacking, and How Does It Hurt Businesses?
In a cryptojacking attack, malicious actors access a company or organization’s computing resources without its knowledge or consent, installing cryptomining malware on as many devices as possible—sometimes even including internet of things gadgets, mobile devices, and cloud infrastructure—to mine cryptocurrency for their own personal profit. Cryptojackers usually accomplish this task by getting their targets to click on a malicious link in a phishing message or by infecting a website or online advertisement with JavaScript code that auto-executes within a web browser.
Although victims often don’t notice that anything is amiss, they may foot the bill in the form of slower device performance, hampered employee productivity, increased help desk time spent troubleshooting nebulous performance issues, higher electric bills, and even hardware replacement costs. Because these costs are often hard to clearly attribute to a cryptojacking attack and the business risk feels less severe compared to something more disruptive, like a ransomware attack, victims often lack the incentive to aggressively address the problem.
Unfortunately, cryptojacking attacks are expected to increase from here on out. As WIREDOpens a new window notes, cryptojacking managed to nab a 35 percent share of all web-based attacks in 2018 despite only arriving on the scene in late 2017. And, according to McAfeeOpens a new window , cryptojacking attacks rose by 29 percent in the first quarter of 2019 alone. Intrepid cryptojackers even created a cryptomining botnetOpens a new window that harnessed the computing power of more than 850,000 computers and generated several million euros worth of cryptocurrency before French police detected and halted their attack.
How to Protect Your Business from a Cryptojacking Attack
Fortunately, IT professionals can do a few things to ward off this novel and stealthy threat:
- Educate Your Users and IT Staff About Cryptojacking. If you’re already teaching your users to identify phishing attacks, then explain to them how cryptojackers often use this technique to successfully co-opt their computers and run cryptomining malware in the background. By training your users and your IT team on how to spot cryptojacking, you can help your organization more quickly identify a potential attack in progress.
- Consider Installing Ad-Blocking or Anti-cryptomining Extensions. Because so many cryptojacking attacks take place within the web browser, that can also be your first line of defense. Some ad blockers and anti-cryptomining extensions can stop these attacks in their tracks, protecting your organization from the inevitable drain on resources that cryptojacking causes. For that matter, be sure to keep any web browser extensions you use up to date so they can’t be compromised by cryptomining malware. You’ll also want to update your web filtering tools to block any pages or sites that are known to be malicious.
- Make Sure Your Endpoint Protection Solution Detects Cryptojacking Attacks. Many antivirus and endpoint security solution vendors are updating their products to include cryptojacking detection, so you may well already have this capability. That said, it’s wise to confirm that you are covered on this front.
Keep a Lookout for Cryptojacking Attacks
Although cryptojacking is on the rise, the good news is that you can protect your business by learning how cryptojacking attacks work, taking the above steps to bolster your defenses, and maintaining a vigilant posture. After all, many of the best practices you need to follow to prevent a cryptojacking attack will also help you head off other threats. That said, one thing we’ve learned from the rapid rise of cryptojacking is that an entirely new form of attack can emerge from seemingly out of nowhere to infect hundreds of thousands of computers on a global scale in just a short amount of time. With that in mind, it’s prudent to keep tabs on emerging cyberthreats. That way, you’ll be better prepared to defend your business no matter how the threat landscape evolves.