Thanks to the popularity and press around cryptocurrencies such as Bitcoin, cyber criminals have already found ways to use your PCs and laptops to help them earn more money. Here’s everything you need to know about cryptojacking and how to prevent your business becoming a victim.
It’s hard to remember a trend that took over security headlines as rapidly as cryptojacking has this year. But is it just another threat to add to the growing list, or something greater? While some are touting it as the top cybersecurity threat in 2018, others consider it more the flavour of the week. Regardless of whether it represents a major concern or a passing trend, it’s important that small business understand what cryptojacking is, how it works and most importantly how to protect themselves against it.
What is cryptojacking and how does it work?
To understand cryptojacking, we need to understand cryptomining. Much like mining for gold, with cryptomining there are millions of crypto coins in existence that are ‘buried’ or unavailable. What miners do is find them by solving complex algorithms using powerful computing power gained from multiple computers all working together. Once they’re verified, the miner is rewarded with the crypto coins.
Cryptojacking is malicious cryptomining. The crooks get code onto your devices without your permission to mine for cryptocurrency using your equipment and your resources. All cybercriminals have to do to make money through cryptomining is steal computing power – from any user – to solve the algorithms and find the crypto coins. Simply put, you do the work, pay for the electricity and hardware, and they pocket the rewards.
Cryptojacking can manifest in two different ways. A cybercriminal can get the victim to click on a malicious link in an email that installs crypto mining code or the computer, or by infecting a website with a code that starts as soon as the victim visits the site.
What are the implications of cryptojacking for small businesses?
Cryptojacking might sounds relatively harmless at first – it doesn’t need to read your personal data, or even to access to your file system, it just uses your computing power. However, the downsides are still very significant:
- Unbudgeted operating expenses from powering computers to work for someone else ie; increased electricity bills and greater wear and tear on your PCs.
- Opportunity costs because legitimate works gets slowed down. You think your computer is slow now, wait until you get cryptomining software on it!
- Security risks from who-knows-what untrusted programs and network connections.
- Reputational and regulatory costs of reporting, investigating and explaining the cryptomining activity, especially in light of the recent GDPR regulations that came into force this year.
- Ethical concerns of allowing employees to mine using your resources.
Those risks are real, and you need to decide if your business can afford to ignore these risks. Your business needs to form an opinion on what is your policy on cryptomining. Some businesses allow employees to legitimately use company resources to mine. However, given the security, reputational, and regulatory issues that in-house cryptomining poses to a business, and the difficulty in distinguishing between legitimate vs. malicious mining, many businesses have a default position not to allow it at all.
How would a business know if something was installed on their computers?
It’s hard for your IT manager or team to know whether you’ve been cryptojacked, but one tell-tale sign is a soaring electricity bill. Other ways you can tell if you’ve been cryptojacked could include a slow network and sluggish PCs. Also you may notice a spike in CPU consumption. There’s usually a physical reaction to a miner being on your machines.
How can small businesses protect against these types of threats?
There isn’t one specific thing you can do to stop cryptomining attacks. Just like protecting yourself against ransomware, you need to take a layered approach to protection and have good security hygiene:
- Stop cryptomining malware at every point in the attack chain.
- Prevent cryptomining apps from running on your network.
We also recommend that you maintain good security hygiene including:
- Keep your devices patched to minimize the risk of exploit-related attacks
- Use mobile management technology to ensure that native mobile apps aren’t present on your mobile phones nor tablets
- Educate your team that Cryptomining is not an acceptable use of company resources or power
- Explain to your team the traditional attack vectors of malware such as phishing and how they can protect themselves
- Maintain a strong password policy
- Back up regularly and keep a recent backup copy off-site
- Secure your computer with advanced real-time security protection.
The Sophos Group is a leading global provider of cloud-enabled enduser and network security solutions, offering organisations end-to-end protection against known and unknown IT security threats through products that are easy to install, configure, update and maintain.
The Group has more than 30 years of experience in enterprise security and has built a portfolio of products that protect more than 260,000 organisations and more than 100 million endusers in 150 countries across a variety of industries.