Main Points to Consider
- Cryptojacking attacks are exploding in numbers.
- Cyrptojacking uses the computing power of hijacked computers to mine for cryptocurrencies.
- Cyrptojacking runs in the background slowing the system, increasing electricity usage.
- Illegally mined cryptocurrencies are laundered into the wallets of criminals.
- Preventive measures include training to avoid poor cyber hygiene habits.
Why Are They Attacking Me?
When presenting CyberFraud information to business groups and Senior Citizen groups, I am often asked “Why are they coming after me? The answer is threefold. First, the crooks want your money and Intellectual Property, and everybody gets that. Second, they want the Personally Identifiable Information (PII) of you, your clients, your customers, your kids, and your grandkids. Selling freshly stolen PII is very lucrative in underground criminal markets such as those found on the Dark Web. Third, they want your computers.
Illegally gaining access to your computers and cyber systems to plant Malicious Software (Malware) feeds a diverse array of scams. Malware can be designed to lock up your computers for ransom payments, known as Ransomware. The Malware is often used to lurk in the background to conduct reconnaissance on your business and personal habits for Business Email Compromise scams, the Malware can locate and extract your trade secrets, the Malware can turn your computer into a robot to conduct other cyber-attacks, or the Malware can plant back-doors allowing access to persons intent on damaging or destroying your systems.
What is Cryptojacking?
Ransomware attacks are now decreasing in numbers. This is not necessarily good news because the attacks still cause millions of dollars in losses and, the malicious software is changing and diversifying to avoid detection. So here comes Cryptojacking to overtake Ransomware as the top cyber threat.
Simply explained, Crytpojacking is the process of hijacking your computer to mine for cryptocurrencies. In our discussions of Bitcoin and other cryptocurrencies, we talk about the different ways you can obtain Bitcoin. Basically, you can get Bitcoin by exchanging fiat currency, such as U.S. dollars, to buy Bitcoin from exchanges or other persons; you can incorporate exchanging Bitcoin for goods and services through your business model; or you can mine for Bitcoins. Mining is the process of solving complex mathematical algorithms to obtain Bitcoin.
When Bitcoin first appeared in 2009, the mining process could be done on home computers. But each time an algorithm was solved, the next algorithm was more difficult. More computing power was necessary as the level of complexity continually increased. Soon, it became necessary to pool the resources of individual computers to solve the algorithms. The mining pools necessarily became larger and larger. The Bitcoin miners discovered that increased mining power required not only more computer capabilities, but also required more electricity to run the computers and the cooling systems to protect the computers from overheating.
To overcome this challenge, hackers are now hijacking our computers to mine for cryptocurrencies. The infected computers are banded together to harness the combined computing power for mining purposes. Voila, no expensive mining pools, no electric bills, little risk of detection, huge profits, and opportunities to launder illegally obtained cryptocurrencies into their own wallets.
Victims of Cryptojacking have noticed their devices slowing down, increased electric bills, and additional heat from their systems.
What Can I Do to Prevent Cryptojacking?
Cryptojacking hackers use techniques found in other computer intrusion schemes to overtake the computers. They exploit poor cyber hygiene practices such as opening unsolicited emails and attachments, clicking on suspicious websites, using corrupted apps, and identifying weaknesses in the cyber system itself. The best known preventative measures include updating software systems, immediate use of software patches, changing passwords, strengthening firewalls, continuous monitoring of cyber systems, and continuous training of individual users to recognize cyber attack vectors.
Conclusion: This seems like the same song in a different dance, doesn’t it? As we identify and beat down current threats, the bad actors come up with something new to poison our cyber environment. As we move towards a connected world in the Internet of Things, we can expect the scoundrels to develop and improve their attack capabilities. Al Capone would be proud of them.