Safety in the cryptocurrency sector is a concerning topic despite the blockchain's resilience. Given crypto's surging popularity, safeguarding assets is critical regardless of individual usage. While some crypto users only keep enough for small payments at a time, others conduct large trades or make substantial investments with considerable value.
Many people invest in crypto by searching for the best coins to buy now, carefully deciding on their purchases based on several factors, including functionality, earning opportunities like staking, price history, and future potential. However, despite all of these opportunities in crypto, inadequate security can have far-reaching effects on individuals and organizations alike.
What is Cryptojacking?
Cryptojacking is a type of cyber attack where criminals remotely hijack devices to use their computational power for crypto mining. Ordinarily, the process of crypto mining is cost-intensive because it requires heavy computing power from specialized and expensive mining hardware. In addition, these machines consume a substantial amount of electricity, much more than many households need.
Cybercriminals use cryptojacking to avoid mining costs. Instead of acquiring their own devices and paying the high electricity costs, they use malware to compromise unsuspecting user devices to secretly seize computational power.
Cryptojacking Prevalence
Cybersecurity platform SonicWall published figures that show the increasing rate of cryptojacking over the years. According to the publication, there was a 43% year-over-year (YoY) increase in cryptojacking attempts in 2022. This pushed the volume of attacks to a new record high of 139.3 million by the end of the year. The figure is a 43.2% increase from the 97 million attempts recorded the year before and the first time the volume of cryptojacking attempts crossed the 100-million mark. At the time, the report attributed the increase to a change in interest from ransomware groups, with at least one publicly announcing their decision to abandon ransomware operations for cryptojacking. Interestingly, there was a 21% YoY reduction in ransomware attacks in 2022, suggesting that other ransomware groups did the same.
The report also indicated increases measured by targeted regions. For instance, the volume of cryptojacking attempts in North America rose by 340% in the first half of 2022, with incidents in Germany and the UK rising 139% and 479%, respectively.
Reported figures were much worse in 2023, as the number of attempts in the year had surpassed 2022's total by April. For the first half of 2023, cryptojacking attempts hit a staggering 332.3 million, representing a 399% increase. In January alone, a group of cybercriminals created 130,000 accounts across several cloud service providers (CSPs) and virtual private server (VPS) providers to exploit GitHub Actions workflows for cryptojacking. SonicWall also reported that there were 77.6 million hits in May 2023, more than the full-year totals for 2018 and 2019 and the mid-year totals for 2020, 2021, and 2022.
By industry, the average percentage of retail customers targeted monthly in the first half of the year more than doubled, from 0.06% to 0.3%. Attempts against finance customers jumped 4.7x, while those against healthcare and government customers rose 69x and 8x, respectively. The education sector had the largest spike, with customers targeted 320 times more in 2023 than in 2022.
Factors Contributing to Increased Cryptojacking Attempts
- Detection Difficulty: One of many reasons cryptojacking is now prevalent is the difficulty in detection. In many cases, victims are alerted to the presence of malware in ransomware attacks. However, cryptojacking malware can operate silently in the background for a long time without detection. Victims are usually unaware until there is a significant reduction in performance or a spike in energy costs.
In 2018, hackers hijacked Tesla's cloud system and used it to mine cryptocurrency. They gained unauthorized access to the carmaker's Kubernetes administration console (a cloud optimization application), which was not password-protected. They then installed a crypto mining software program, Stratum. Cybersecurity firm RedLock, which announced the breach, said it was impossible to identify the culprits or determine how much they mined.
- Crypto Popularity: The crypto sector is enjoying increased attention as the value of digital assets rises. Unfortunately, this makes the industry a prime target for cybercriminals exploiting unsuspecting users in different ways. In addition to other forms of hacks and breaches, criminals interested in earning via mining prefer to hack devices remotely instead of incurring associated costs.
- Relative Ease of Attacks: Cryptojacking attacks are, on average, easier to carry out than other types of cybercrime. People familiar with the dark web can purchase cryptojacking kits to launch attacks without extensive technical knowledge.
- Lack of Awareness: Many individuals and organizations are aware of threats and scams in the crypto sector but do not know how pervasive cryptojacking is. This lack of awareness means that the entities do not deploy adequate security measures to defend against these attacks.
One of the largest cryptojacking incidents is the spread of the Smominru botnet first discovered in 2017. The botnet infected more than 500,000 devices (some estimates say it is closer to one million) globally, with Windows servers as its primary targets. The Smominru botnet was used to mine Monero (XMR) and successfully earned millions of dollars worth of crypto for the culprits.
- Remote Work: In recent years, remote work has become a lot more popular. Many employers allow staff to work from home some days of the week, while others do not require an employee's physical presence at all. This means that there is an increasing number of personal and official devices connected to several networks for work purposes. Unfortunately, remote work increases the risk of a security breach and gives cryptojackers a larger range of targets.
Protecting Against Cryptojacking
Due to the increase in cryptojacking attempts, individuals and organizations must be proactive in protecting their devices and networks by adopting some of the following strategies:
- Monitor Network Traffic: Cryptojacking malware can be difficult to prevent or detect. However, regular network traffic monitoring can help users identify abnormal network patterns.
- Educate Employees: Companies must raise awareness among employees and educate them on the risks of cryptojacking. There should also be regular training to help employees learn effective cybersecurity practices, especially the quick identification of unusual network or device patterns.
- Deploy Robust Security: High-end antivirus or antimalware software can help users detect and block cryptojacking scripts before they are installed. Users and companies must also conduct extensive research to find software designed to detect cryptojacking malware and install these programs on all networks and devices.
- Software Updates: Regularly updating all security software with up-to-date patches is critical to protect against vulnerabilities. Many cryptojacking malware strains exploit known vulnerabilities to gain access to devices before installing the malware. Keeping all systems secure is an excellent way to prevent cryptojacking attempts and unauthorized access.
- Resource Management Limitations: Organizations can implement resource management strategies that limit the amount of processing power a device can use. IT administrators can install programs that help enforce resource restrictions such that devices do not surpass predefined limits or trigger alerts when they do.
- Use Artificial Intelligence (AI) and Machine Learning (ML): Artificial intelligence can be applied as a powerful tool to detect cryptojacking malware by analyzing large amounts of data to identify anomalies. Through ML, systems also improve their ability to detect these attempts even as attack methods evolve.
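As an illustration of the network traffic monitoring strategy above, the following added example (not part of the original article) flags hosts whose outbound cleartext payloads look like Stratum mining-pool client messages. The flow tuple layout, function names, addresses and credentials are assumptions constructed for the example.

```python
import json

# JSON-RPC method names sent by Stratum mining clients (Bitcoin-style pools).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

def classify_payload(payload: bytes):
    """Return a reason string if the payload looks like a Stratum client message, else None."""
    for line in payload.splitlines():      # Stratum is newline-delimited JSON
        try:
            msg = json.loads(line)
        except ValueError:                 # TLS, HTTP, binary or bad UTF-8: not our concern
            continue
        if not isinstance(msg, dict):
            continue
        method, params = msg.get("method"), msg.get("params")
        if method in STRATUM_METHODS:
            return f"stratum method {method}"
        # Monero-style pools use a "login" call carrying wallet and password fields.
        # Requiring both keys avoids flagging unrelated JSON-RPC "login" methods.
        if method == "login" and isinstance(params, dict) and {"login", "pass"}.issubset(params):
            return "monero-style stratum login"
    return None

def find_mining_flows(flows):
    """flows: iterable of (src_ip, dst_ip, dst_port, payload). Returns alerts keyed by source host."""
    alerts = {}
    for src, dst, port, payload in flows:
        reason = classify_payload(payload)
        if reason:
            alerts.setdefault(src, []).append((dst, port, reason))
    return alerts

# Constructed sample flows: documentation-range addresses, placeholder credentials.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 3333, b'{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'),
    ("10.0.0.5", "203.0.113.10", 3333, b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'),
    ("10.0.0.8", "198.51.100.7", 443,
     b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"example"}}\n'),
    ("10.0.0.9", "198.51.100.20", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.9", "198.51.100.21", 8080, b'{"jsonrpc":"2.0","method":"login","params":["user"],"id":7}\n'),
]

if __name__ == "__main__":
    for host, hits in find_mining_flows(SAMPLE_FLOWS).items():
        print(host, hits)
```

Payload inspection of this kind only sees unencrypted Stratum sessions; pool connections wrapped in TLS need other signals, such as destination reputation or the resource-usage alerts described above.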
Conclusion: The Future of Cryptojacking
The likelihood of increased cryptojacking attempts is high, especially as crypto's popularity increases and the value of several assets rises. Organizations and individuals must consider a multi-pronged approach that includes network security, extensive monitoring, and in-depth education to defend against threats.