Bitcoin... Blockchain... Cryptocurrency... and now Cryptojacking!
We know well what you think when you see these words and you ask yourself I have nothing to do with these technologies why should I care?
As of March 2018, the market capitalization for cryptocurrencies exceeded $ 264 billion and has become the new target for cybercriminals.
In summary ... if you have a website, then you need to know how to protect your website and your visitors from hackers.
Cyptocurrencies, Mining and Cryptojacking 101
Almost everyone is talking about the rise of cyptocurrencies like bitcoin, ethereum and Zcash. But what you really need to know is how these currencies can affect you? With regular money, there is a central bank that authorizes the issuance of new bills and like any man-made system, it is prone to corruption. We researched and looked at the world of digital money, also known as cyptocurrency, designed to be absolutely secure and anonymous. Cryptocurrencies allow users to make secure payments without having to go through banks. Generated through a process known as "mining," or cryptomining, transactions are verified and added to blockchains (digital ledgers) to prevent cheating, fraud, corruption and the like. Verification of these blockchains requires massive CPU power to the extent of a warehouse complete with floor-to-ceiling computers and the titanic electricity bill that follows. As payment for these huge costs, traders for each transaction pay cryptocurrencies as cryptocurrencies as fees. Sounds fair enough, doesn't it? Payment for services rendered. Well, it also sounds fair enough for the cybercriminals, minus the warehouse, minus the hardware and minus the electricity bill. This is where you come in and this is where you get cryptojacked! These cybercriminals target computers, servers and networks to mine cryptocurrencies using your resources, such as websites, computers and electricity. Basically, you pay for the resources and they reap the financial benefits, to the tune of millions of dollars! On April 4, 2018, an unknown hacker attacked the Verge cryptocurrency platform. The attack lasted a minuscule three hours, but unofficially reported that the attacker stole a whopping $ 1,373,544. The company has since updated the system with a patch to prevent further exploitation.How a Cryptojacker infiltrates
There are several ways hackers infiltrate a victim's computer to secretly mine cryptocurrencies. Cryptojacking requires no download, starts immediately and is completely undetectable. The undetectable nature by which it performs makes it the new stealth attacker in the cyber threat industry. In either case, the malicious code stealthily executes on victims' computers, stealing CPU resources and secretly mining cryptocurrencies for the hacker.Massive impact of Cryptojacking
Comodo Cybersecurity Threat Research Lab's most recent quarterly report stated, "During the first quarter of 2018, Comodo Cybersecurity detected 28.9 million cryptocurrency incidents." Also noting that "cryptocurrencies have become a favorite target for cybercriminals." In addition, the report described that the number of unique cryptominer variants grew from 93,750 in January to 127,000 in March, as shown in Figure 1 below. At the same time, ransomware activity decreased 42% from 124,320 to 71,540 from January to March. No one knows for sure how much cryptocurrency is mined by cryptojacking, but it definitely does not require significant technical skills. According to Digital Shadows' report, "New Gold Rush Cryptocurrencies Are the New Frontier of Fraud," cryptojacking kits are available on the dark web for as little as $ 30.Is there a cure for cryptojacking?
Cryptojacking is clearly a major concern for 2018 and the only way a user can notice that their devices are being cryptojacked is a slowdown in performance. Given that this happens to most of us at one time or another, it will leave us questioning ...Have I been cryptojacked?
As these attacks are continually evolving and are still in their infancy, one of the best solutions would be real-time monitoring of your website. But who has the time or the knowledge? There are some organizations with the network and monitoring tools or capabilities to analyze that information for accurate detection. One such service is cWatch Web and is backed by human intelligence and a team of cybersecurity analysts.So don't get cryptojacked! Protect yourself and your website with continuous monitoring and protection.Don't count on your existing endpoint protection tools to stop cryptojacking. Cryptographic code can hide from signature-based detection tools and desktop antivirus tools won't see them. And since you don't have a help desk or can't train it to look for the signs, implementing a monitoring solution might be your best option for detecting cryptomining activity.
