Is your business the victim of cryptojacking?


Cryptojacking – where cybercriminals hijack CPU power and electricity from unsuspecting computer users to mine cryptocurrencies – can cripple a company’s network, increasing their costs and reducing productivity, warns Fernando Serto, Head of Security Technology and Strategy at Akamai Technologies (APAC).

“The idea behind crypto mining on end user devices was originally conceived as a way to offset declining ad revenue on high traffic websites due to ad blockers,” Serto told Dynamic Business.

“Legitimate cryptocurrency mining services, such as Coinhive, will typically throttle the CPU usage to avoid impacting performance of other applications. However, cybercriminals are greedy. They want to get the most out of infected machines, so they run malware-based crypojacking scripts designed to use as much CPU as possible. This allows them to mine cryptocurrencies as fast as possible while victims are browsing infected websites.

“Cryptojacking can result in a loss of productivity for companies due to slow and unresponsive systems, an increase in application crashes and even outages. In addition, it can lead to a costly spike in energy consumption, and sometimes scripts are run so intensely that it results in real damage to devices – for example, the Loapi crypto mining malware running on certain Android devices.”

Asked if there are any obvious warning signs that a company’s network is being cryptojacked, Serto replied: “Typically, if you notice high CPU usage, for example, you can hear the fans spinning when the only open application is a browser, and that can cause slowness/unresponsiveness on the device. That said, it can be hard for companies, especially those with large networks, to attribute spikes in CPU usage to cryptomining.” 

Serto said the challenges associated with cryptojacking have been compounded by the rise of anonymous cryptocurrencies such as Zcash and Monero, which is a popular cryptocurrency to mine due to its very low compute capacity requirements.

“When Bitcoin proved to be not-so-anonymous, cybercriminals switched their preference to anonymous coins like Monero and Zcash,” he explained. “Bitcoin is based on a public ledger, with every single transaction out there for everyone to see. Conversely, new cryptocurrencies like Monero and Zcash hide the sender, recipient and amount of each transaction made, affording cybercriminals who engage in cryptojacking greater privacy.”

Noting that crypto miners are being delivered into companies via malware, Serto said business operators need to ask themselves ‘what else is that malware doing?’.

“Cryptojacking on its own can impact productivity, systems performance, but doesn’t necessarily lead to loss of data or a potential breach,” he explained. “However, as malicious hackers are always looking for new attack vectors, the last thing we want is to leave another door open.”

Serto said a simple way for companies to mitigate the risk of cryptojacking is implementing a Domain Name System(DNS) security solution capable of blocking access to crypto mining scripts – “Typically, the amount of work involved to implement a DNS security solution is minimal and should only take a few minutes”.

In addition, Serto recommended companies:

  • Implement a very strict patching policy to prevent criminals from being able to exploit further vulnerabilities on end user devices.
  • Undertake a review of their backup policies.
  • Review the security on their websites or any application exposed on the internet to ensure they don’t end up serving illegal crypto mining scripts either.
  • Seek ongoing education about the cybersecurity landscape and stop viewing security as a cost (“It’s really difficult for companies to identify an ROI if they don’t understand the impact an attack would have on their environment”).

“Ultimately, it is important for companies to understand the landscape, and understand and mitigate a potential risk to their company,” Serto said.  “For example, Akamai IT made a decision to block crypto miners across all of our devices by blocking access at the DNS layer. This means crypto miners such as Coinhive are blocked from our company-issued devices and devices connected to wi-fi in any of our offices.”