
Crypto-jacking is a form of cybercrime where malicious actors hijack computing resources to mine cryptocurrencies without the knowledge or consent of the device owner. This can occur through various means, including malware installed on computers, servers, telecommunications hardware, or mobile devices. The primary objective of crypto-jacking is to utilize the victim's computing power to mine cryptocurrencies such as Bitcoin, Ethereum, or Monero, generating profits for the attacker.

Signs of crypto-jacking:

  • Decreased Performance: Victims may notice a significant decrease in the performance of their device, such as slower processing speeds or increased system crashes.
  • High CPU Usage: Crypto-jacking malware often consumes substantial CPU resources, leading to unusually high CPU usage even when the device is idle.
  • Overheating: Continuous and intensive CPU usage can cause the device to overheat, potentially damaging hardware components.
  • Unexplained Increase in Electricity Bills: Since crypto-jacking requires significant computational power, victims may observe a sudden spike in their electricity bills due to increased energy consumption by their devices.

How to prevent crypto-jacking:

  • Use Anti-Malware Software: Install reputable anti-malware software and keep it up-to-date to detect and remove crypto-jacking malware.
  • Update Software Regularly: Keep your operating system, web browsers, and applications updated with the latest security patches to prevent exploitation of vulnerabilities.
  • Use Ad-Blockers: Consider using ad-blockers and script-blocking extensions on web browsers to prevent malicious scripts from running crypto-mining code.
  • Monitor CPU Usage: Regularly monitor the CPU usage of your devices and investigate any significant spikes or abnormalities.
  • Educate Users: Educate users about the risks of clicking on suspicious links or downloading unknown files, as these are common vectors for crypto-jacking malware.

What to do if a device is infected:

  • Disconnect from the Internet: Immediately disconnect the infected device from the Internet to prevent further communication with the attacker's command and control server.
  • Scan and Remove Malware: Use reputable anti-malware software to scan and remove any crypto-jacking malware present on the device.
  • Restore from Backup: If possible, restore the affected device from a clean backup taken before the crypto-jacking incident.
  • Reset Credentials: Change passwords for online accounts and cryptocurrency wallets to prevent unauthorized access by the attacker.
  • Monitor for Recurrence: Continuously monitor the device for signs of crypto-jacking recurrence and take proactive measures to prevent future incidents.
  • Report the Attack: Report the crypto-jacking incident to your organization's IT or security team and to the proper authorities.
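
An added example (not part of the original article) of the "Monitor CPU Usage" advice: it separates short, legitimate spikes from the sustained load described under "High CPU Usage" by flagging processes that stay above a threshold for several consecutive polls. The log format, process names, threshold and poll count are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the article): one line per process per
# 60-second poll, in the form "<poll_no> <pid> <command> <cpu_percent>".
# The process names, including "kworkerd", are made up for this example.
SAMPLE_LOG = """\
1 412 chrome 12.0
1 977 backup 95.0
1 1530 kworkerd 97.5
2 412 chrome 8.0
2 977 backup 91.0
2 1530 kworkerd 98.1
3 412 chrome 88.0
3 977 backup 3.0
3 1530 kworkerd 96.9
4 412 chrome 10.0
4 1530 kworkerd 97.7
5 412 chrome 9.0
5 1530 kworkerd 98.4
"""

def parse_samples(text):
    """Yield (poll, pid, command, cpu_percent), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), int(parts[1]), parts[2], float(parts[3])
        except ValueError:
            continue

def sustained_high_cpu(samples, threshold=80.0, min_polls=5):
    """Return processes at or above `threshold` for `min_polls` consecutive polls."""
    history = defaultdict(dict)  # (pid, command) -> {poll: cpu_percent}
    for poll, pid, command, cpu in samples:
        history[(pid, command)][poll] = cpu
    findings = []
    for (pid, command), by_poll in history.items():
        best = run = 0
        prev = None
        for poll in sorted(by_poll):
            hot = by_poll[poll] >= threshold
            # A run continues only across adjacent polls; a gap restarts it.
            run = (run + 1 if run and prev == poll - 1 else 1) if hot else 0
            best = max(best, run)
            prev = poll
        if best >= min_polls:
            findings.append({"pid": pid, "command": command, "polls": best})
    return sorted(findings, key=lambda f: f["pid"])
```

A flagged process is a lead to investigate, not proof of mining: long-running legitimate jobs also trip the check, so tune the threshold and poll count to the device's normal workload.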
