How to Tell if Your System Has Been Cryptojacked

Credit: ID 130873879 © Djvstock | Dreamstime.com

Digital currencies like Bitcoin and Ethereum operate unlike any other financial system.

These cryptocurrencies have no central bank or government propping them up and instead rely on new technology known as blockchain, where transactions are tracked anonymously in real-time.

With big dog Bitcoin holding steady at around $100 billion market cap, it’s obvious that plenty of people are interested in the stuff. One way to earn free Bitcoin is by engaging in a computer resource intensive process called mining.

While special rigs have been developed to complete the complex computations that characterize mining, there remains an insatiable need for more computing power. This has led to a rise in a form of cybercrime known as cryptojacking, which can affect individuals and businesses alike.

Learn more about these attacks, as well as how to detect and prevent them.

Basics of Cryptojacking

In order to be a successful and profitable Bitcoin or Ethereum miner, a person must run software on several computers with high-end graphics cards. Doing so requires a great deal of energy, which can make it cost-prohibitive for a person to do mining on their own systems.

As a result, hackers have turned to cryptojacking to gain unauthorized access to external systems and secretly use them for mining. This allows them to earn credit from cryptocurrencies without having to pay for their own hardware or electricity and network usage.

Most cryptojacking attacks begin with a phishing scam over email or web pop-ups. They will urge the computer user to click on a link or install a piece of software. If the action is completed, the hacker will be able to run a mining tool in the background.

Some cybercriminals have also begun to launch cryptojacking attacks directly through online platforms. For example, the Drupal content management system has been a recent target of such hacks. If an attacker is able to upload data to a Drupal website, they may be able to remotely execute cryptojacking malware that could spread to the entire network of back-end servers.

Detecting a Cryptojacking Attack

One of the most dangerous elements of a cryptojacking attack is the fact that it can be largely invisible, unlike ransomware hacks that appear on-screen. You will rarely see evidence of mining malware in the Windows Task Manager or other operating system tools.

The task of detecting cryptojacking attacks must be shared by everyone within an organization who uses a computer or mobile device, not just the IT security team. Training sessions should be mandatory for all users with information about how cryptojacking attacks are launched and spread.

Watch CPU Usage Skyrocket

When unauthorized mining software runs on a computer, the first indication of a problem is usually CPU usage or physical temperature in the form of heat. That's right, if you're concerned you may have accidentally clicked a suspicious link or opened a malicious email attachment, you should check the heat of your desktop or laptop throughout the day.

Check your CPU also. If it usually putters along at a modest number but suddenly shoots up to 95% and stays there, it’s time to get suspicious. Processors on standard consumer machines are not meant to run wide open for extended periods of time. Without beefed up cooling fans, they’ll make the whole system hot to the touch.

If you are only running basic applications on your computer with low CPU usage but can feel a lot of warmth coming from the hardware, then it may be an indication of mining software running in the background. Internal fans will also spin faster and louder when trying to cool down a hacked system, and other processes and application will typically slow down.

High Level Detection

At a higher level, an organization's IT team can deploy solutions to monitor network traffic and code changes for potential cryptojacking vulnerabilities. There are tools built with artificial intelligence that will scan all incoming and outgoing network requests and raise an alarm when mining has been detected.

As soon as a cryptojacking attack has been detected and verified, all nonessential systems should be taken off the network immediately to minimize the spread of the malware and allow IT teams to focus on the infected hardware.

Protecting Against Cryptojacking

The best defense against cryptojacking hacks is to have well-trained employees who are aware of the risks and pitfalls. Members of your organization should be on the lookout for suspicious emails and browser pop-ups that lead to rogue websites or executable files.

Also, key internal systems should be blocked from outside traffic. For employees working remotely, the type of encrypted connection offered by a virtual private network (VPN) should be mandatory. This will render indecipherable all data being sent from the user's remote location when connecting to an internal website or database.

Because cryptojacking attacks are often launched through pop-up advertisements on the web, it's recommended that you invest in ad-blocking software and browser extensions that can be pushed out to all computers on your network.

These tools will check each web request for JavaScript-based code that may be related to a known cryptojacking vulnerability. Once detected, the dangerous content will be blocked and hidden from view.

Many antivirus solutions are now adding support for cryptojacking protection. This is good news, but to take advantage of it, you need to be sure to keep your organization's virus scanning tool up to date on a regular basis. This will ensure that the scanner has the latest list of cryptojacking sources and can correctly monitor your local system for suspicious processes.

It's also important to remember that although desktops, laptops, and servers are the most common target for cryptojacking schemes, hackers are also executing such attacks on mobile devices such as smartphones and tablets. The malware is commonly spread through a mobile browser advertisement that will install a malicious script without the device's owner being aware of it.

Final Thoughts

IT teams should consider instituting a mobile device control policy that restricts what types of phones and tablets people can bring onto the shared network. A major risk of cryptojacking attacks is that once a single device has been compromised, it's only a matter of time before the malware spreads and infects other systems.

The bottom line is these cryptojackers aren’t playing around and neither should you.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by Sam Bocetta

Latest Videos

More videos

Blog Posts