An increasingly common type of cyber attack called cryptojacking occurs when hackers seize control of a computer's resources to mine for cryptocurrency cyber attacks. Cryptomining is a background process, and therein lies the menace—outside of their computer running a little slower than usual, a user might not know that their processing power is generating cash for someone else.
How cryptocurrency cyber attacks work
Cryptojacking attacks often look like malware and phishing attacks: a fake but legitimate-looking email containing a link that activates a malignant code. But instead of locking up or damaging a user's files, the code places a cryptomining script on the computer.
Hackers also inject scripts onto websites or into ads displayed on several websites. Site visitors become unwitting victims: The script automatically executes, forcing the target computer to run complex mathematical equations (in the background) and send the results back to the perpetrator.
Hackers often attack with both malware and phishing to maximize their chances of success. In a widespread attack, attackers need only a small percentage of their scripts to stick to make it worth their while.
The damage so far
A single cyber attack on cryptocurrency might only affect one user. But simultaneous attacks can wreak massive havoc.
Successful cryptocurrency cyber attacks on a wide network of computers and servers can lead to performance issues and network availability, interfering with organizations' day-to-day operations. Such attacks would also cause hijacked devices and network infrastructure to consume more electricity, spiking utility bills and increasing wear and tear on the equipment.
The worst-case scenario? Operations are ground to a halt, costing your company customers and revenue.
One of the most high-profile examples of cryptojacking came in 2017 with the launch of Coinhive, a service that let websites use their visitor's computers to mine cryptocurrencies. Coinhive recommended websites using its service make visitors aware that their browsers were being used to mine cryptocurrencies, but such websites rarely disclosed that they were using the service, and consent was rarely given. Cyber criminals got on the bandwagon and integrated Coinhive into their attacks.
Another high-profile cryptojacking exploited mourners of the late Kobe Bryant in 2020. Cyber criminals hid malicious HTML code inside a desktop wallpaper image of Kobe Bryant that connected victims to a website hosting a cryptojacking script.
Protecting your business
To defend against cryptocurrency cyber attacks, organizations can implement several layers of defense and best practices to deflect the tactics used by attackers.
Ad-blocking software and script blockers are effective against browser-based attacks. So is disabling JavaScript. And incorporating cryptojacking scenarios into regular cybersecurity awareness training helps users recognize the phishing-like social engineering techniques cyber criminals use.
From an IT management perspective, keep the software and firmware up to date on all your endpoints to put the organization in a position to better prevent cryptojacking. Your company's website could also become a launchpad for cryptocurrency cyber attacks, and cyber criminals could take advantage of your compromised site and cause additional damage. Keep the software used to create your website up to date to shore up your website's defenses.
Ultimately, cryptojacking is another prevalent threat that should be part of your regular file integrity monitoring and your existing security policies.
Learn how Verizon's mobile device management solutions can help protect more than your mobile devices.