Edit Module
Bookmark and Share Email this page Email Print this page Print Pin It
Feed Feed

Jun 5, 201811:54 AMOpen Mic

Send us your blog for consideration!

Threat of cryptojacking can be overpowering

​Nearly everyone has heard about bitcoin by now, even if you don’t really understand how to mine for it. Bitcoin — and its dozens of competitors — is a new class of currency called “cryptocurrency.” These digital currencies are paid as a reward for digital mining, an activity that is like mining for gold in the physical world.

The problem with cryptocurrency mining is that it takes a lot of computer power — more than most people have to spare. So, there is a new threat to the operational potential of computers — personal computers at home and, even more so, banks of computers or computer networks in a business environment. That threat now has a name: cryptojacking.

Cryptojacking is essentially a hijacking of your personal or business computer resources. It is malware that secretly and silently uses these resources for cryptomining purposes. Since it takes massive computer resources to make any real money with cryptomining, cryptominers have discovered that by splitting up the processing into small chunks across numerous machines they can amass the large amounts of computer power needed to earn worthwhile volumes of cryptocurrencies, which are worth varying amounts of money depending on the type of currency mined.

Here’s how it works:

Savvy hackers commonly embed cryptojacking malware inside the JavaScript code on otherwise normal, safe web pages. When a user opens an infected website, their computer begins to run small bits of code that confiscate computer resources from that user — and in the vast majority of cases, this happens without the user’s knowledge or permission. In other words, cryptojacking steals your computer power and resources in order to do the heavy lifting of cryptocurrency mining on behalf of the miners so they don’t have to invest in the computer systems to do it on their own.

Clearly, this is a problem for individual and business users alike. In the business world, cryptojacking impacts computer performance, and when spread across numerous users or even the corporate network, it can have a direct impact on the business’ overall productivity and cause untold headaches for the IT department in trying to determine what is going wrong. But take heart; there are some proactive steps you can take to combat this threat.

What can you do to stymie cryptojacking?

  • Renew your focus on patching: Staying up to date with patches is extremely important in the fight against any kind of malware, and cryptomining is no different. Focus in particular on Windows and third-party patches, especially web browsers, so you don’t give cryptominers a key to your computer’s back door.
  • Scan for viruses: While patching helps prevent malware attacks, they do still happen. It’s also critical to keep your anti-virus programs up to date and to run frequent full-system scans. This is a good practice, whether you’re concerned about cryptojacking or not.
  • Clean up browser histories: Okay, this may be a little tough, especially in a corporate setting, but you should consider purging the browser extensions of each user when they are no longer using them. A little easier for users to grasp and do on their own: Close or exit web browsers that are not actively being used. When they’re closed, they aren’t depositing malware code onto your users’ systems — or gaining access to your network’s infrastructure.
  • Know with whom youre communicating: Since cryptominers are depositing malware on trusted sites, it’s often hard to avoid becoming infected with cryptojacking code. But there are a few safeguards you can put in place — personally and professionally — to better clarify with whom your own personal computer as well as your business users’ computers are interacting. Start by implementing a browser ad blocker. Many can be turned on and off at will, so this shouldn’t be met with too much opposition from your organization’s users. Next, add some URL filtering and use a network monitoring solution so you have more control over and visibility into exactly what is taking place behind the scenes.

Chad Knaus is an IT systems engineer with SRC Technologies in Green Bay. He has nearly 20 years of experience working with companies and schools on developing, maintaining, and supporting technical infrastructure and system hardware and software, including data security.

Click here to sign up for the free IB ezine — your twice-weekly resource for local business news, analysis, voices, and the names you need to know. If you are not already a subscriber to In Business magazine, be sure to sign up for our monthly print edition here.

Add your comment:
Bookmark and Share Email this page Email Print this page Print Pin It
Feed Feed
Edit Module
Edit Module