
The Growing Threat of Cryptojacking: Detection and Prevention
What is Cryptojacking?
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers break into a computer or infect websites with hidden mining code to use a computer’s processing power to mine cryptocurrencies without the owner’s consent.
Cryptojacking has emerged as a growing cyberthreat in recent years for several reasons:
- 
The rise in popularity and value of cryptocurrencies like Bitcoin and Ethereum has incentivized hackers to hijack devices to mine crypto. 
- 
Browser-based cryptojacking has become easier with the development of in-browser mining scripts like Coinhive. 
- 
As cryptocurrency mining becomes more resource intensive, cryptojackers are targeting the immense processing power in enterprise data centers, cloud servers, and large websites. 
How Does Cryptojacking Work?
There are two main approaches to cryptojacking:
Browser-Based Cryptojacking
This is the most common method used by hackers. The hacker infects a website or online ad with JavaScript code that runs in the visitor’s web browser. This code uses the visitor’s computing power to mine cryptocurrency without their knowledge.
- The in-browser mining script Coinhive pioneered this method. When a user visits the infected site, Coinhive immediately starts using a big percentage of the user’s CPU resources to mine Monero coins in the background.
Network-Based Cryptojacking
In this type of attack, the hacker installs cryptocurrency mining malware on a computer or network device without authorization. The malware then uses the processing power of the compromised machine to mine cryptocurrency.
- Hackers often target enterprise networks, cloud servers, IoT devices, and large websites with high bandwidth to maximize mining profits.
- Cryptojacking malware like WannaMine, Cryptoloot, and CryptoMiner have been used in these network-based attacks.
Impacts of Cryptojacking
Cryptojacking activities can severely impact businesses and users:
- 
Slows down computers and drains electricity – At-scale cryptojacking can potentially cause computers and devices to overheat and consume enormous amounts of electricity. 
- 
Degrades performance of websites and networks – Infecting websites with cryptojacking code significantly slows down page load times and degrades overall user experience. 
- 
Increases costs for cloud services – Cryptojacking increases CPU usage which can inflate costs for public cloud services like AWS. 
- 
Data privacy risks – Cryptojacking scripts may collect sensitive user data like browsing history and send it to external servers. 
Detecting Cryptojacking
Here are some tips to detect cryptojacking activities:
- 
Monitor CPU and GPU usage – Unusually high CPU/GPU activity may indicate cryptojacking, especially if the computer or website is slow. 
- 
Check browser extensions – Delete any unknown or suspicious looking extensions. Cryptojacking extensions often pose as useful utilities. 
- 
Block mining scripts – Use ad blockers and anti-mining browser extensions like No Coin and minerBlock to prevent unauthorized mining. 
- 
Scan network – Use IT monitoring tools to scan your network for any unusual traffic to external servers. Cryptojacking malware communicates with external mining pools. 
- 
Monitor cloud costs – Closely watch bills from cloud providers for any abnormal spikes which may indicate cryptojacking. 
Preventing Cryptojacking
Here are some best practices to protect against cryptojacking threats:
- 
Keep software up-to-date – Regularly patch and update operating systems, software, and browsers to the latest versions. Updates often contain critical security fixes. 
- 
Use antivirus and anti-mining software – Install endpoint security solutions with behavior-based threat detection and cryptojacking prevention capabilities. 
- 
Block suspicious domains – Use firewalls to block outbound connections to domains associated with cryptojacking activities. 
- 
Monitor third-party JS on websites – Diligently audit third-party trackers, ads, and JavaScript on websites to prevent supply-chain attacks. 
- 
Restrict admin privileges – Only provide admin access to devices and servers to necessary personnel to minimize insider threats. 
- 
Use browser extensions – Browser extensions like No Coin, minerBlock, and CryptoStopper can prevent in-browser cryptojacking. 
Conclusion
Cryptojacking has emerged as a fast-growing cyberthreat given the rise in cryptocurrency prices. By hijacking devices to secretly mine cryptocurrencies, cryptojacking can impair performance and availability of systems while racking up substantial electricity and cloud bills. Organizations can protect themselves by monitoring for suspicious activity, hardening networks and devices, using specialized tools, and keeping staff educated about cryptojacking. With vigilance and proper precautions, companies can mitigate the risks posed by this new breed of cybercrime.
 
								










