Cryptocurrencies are among some of the most valuable assets in the world today. As a result, there exists a desire for many people to get their hands on the valuable digital currency asset. Apart from purchasing cryptocoins from exchange platforms, cryptocurrency mining is another route to obtaining ownership of cryptocurrencies. Cryptocurrency mining is a process that requires a lot of computing power in order to solve the complex mathematical problems. As a result, a number of browser plugins have been developed that can siphon unused CPU resources from an unsuspecting user in a phenomenon called “cryptojacking.”
Cyber Threats to UK Business
Such is the threat being posed by cryptojacking activities that the U.K. National Cyber Security Centre (NCSC), the technology watchdog of the Government Communications Headquarters added cryptojacking to its list of cyber threats to UK business.
According to NCSC, cryptojacking is a significant concern and one that must be taken seriously. The report put forward the argument that the increasing interest in cryptocurrencies will only encourage intense forms of cryptojacking as desperate elements look to acquire cryptocurrencies by any means necessary.
The report, which you can download here as a PDF, says this about Cryptojacking:
The technique of delivering cryptocurrency miners through malware has been used for several years, but it is likely in 2018-19 that one of the main threats will be a newer technique of mining cryptocurrency which exploits visitors to a website. Throughout 2017, there has been an increase in cryptojacking (that is, using an individual’s computer processing power to mine cryptocurrency without their consent). In December 2017, Check Point reported20 that 55% of businesses globally were impacted by cryptominers.
Popular websites are likely to continue to be targets for compromise, serving cryptomining malware to visitors, and software is available that, when run in a webpage, uses the visiting computer’s spare computer processing power to mine the digital currency Monero. In February 2018, over 4,000 websites worldwide (including approximately 600 in the UK) secretly mined cryptocurrency through a compromised screen-reading plugin for blind and partially sighted people. The only way users may notice their devices are being cryptojacked is a slight slowdown in performance. Using an ad blocker or antivirus programme (which have features that block browser mining) is the best way to prevent this.
We assume the majority of cryptojacking is carried out by cyber criminals, but website owners have also targeted visitors to their website and used the processing power of visitors’ CPUs, without their knowledge or consent, to mine cryptocurrency for their own financial gain. In February 2018, a US online publication conducted a trial where its readers were advised that if they chose to block its advertising, the publication would use the reader’s CPU to mine Monero. It claimed this was to recoup lost advertising revenue when readers use ad blockers.
Cryptojacking Incidents are Increasing
According to the data published in the NCSC report, about 55 percent of business around the world were infected with crypto mining malware in December 2017 alone. The report also singled out Monero, the privacy-focused cryptocurrency as the most popular cryptocurrency being mined using the cryptojacking method. A large portion of the cryptojacking activities for mining Monero is being accomplished using the Coinhive plugin.
There are indications that the occurrence of cryptojacking isn’t slowing down. The report stated that over 4,000 websites have been infected with these cryptojacking malware. The malware was introduced into these websites as plugins for visually-impaired users. Part of the problem stems from the fact that it can be difficult to detect whether a computer has been cryptojacked. One useful indicator in knowing if your computer is being used to secretly mine cryptocurrency is that there will be a slight but sudden drop in performance.
Different Forms of Cryptojacking
The report did identify two broad types of cryptojacking; the one carried out by cybercriminals and the one carried out by website owners. Some website administrators have been known to infect their own websites with crypto mining malware that latches onto the computers of visitors, using their CPU to mine cryptocurrencies. These website administrators do this without the express consent and/or knowledge of their website visitors.
In order to shield computers from cryptojackers, users are encouraged to install browser plugins that prevent surreptitious crypto mining. In March, Microsoft Windows Antivirus successfully thwarted more than 400,000 cryptojacking malware attempts that occurred in less than a day.
A number of browser platforms have created plugins, add-ons, and extensions that can offer protection against cryptojacking.