Cryptojacking: Concealed Crypto-Mining Could be Costly

Jun 22, 2018 | Security

The only thing consistent about the tactics hackers use is that they always change. Ransomware was the main emerging threat to businesses over the past two years, but it is already starting to decline: ransomware volume dropped in the first 3 months of 2018. Because the cybersecurity space is growing exponentially, this signals that new threats are developing on the horizon. One of these threats leverages an emerging unregulated technology: blockchain.

Blockchain is the foundation on which all cryptocurrencies are based. It is how these currencies are able to exist without a central bank as each computer in the blockchain validates every other computer’s digital records. Whether Bitcoin, Ethereum, or Dogecoin, all cryptocurrencies are fundamentally based on this technology. Decentralized digital currencies can be ‘mined’ with computer calculations to produce value for crypto-miners. Unfortunately, crypto-mining takes an inordinately large amount of computing power to be profitable. This is where the threat comes in.

Cryptojacking malware, an emerging attack vector, has seen truly remarkable growth during the first few months of 2018.

Bad actors can infiltrate your system and use your organization’s computing power to mine for their cryptocurrencies. This malware is typically executed through a script loaded into a web browser that steals your company’s unused CPU cycles. These stolen workstations then perform crypto-mining calculations, secretly producing money for the hackers. The worst part? Unlike ransomware, cryptojacking relies on remaining undetected. Cryptojackers have determined that a hijacked system, leveraged properly, can be a long-term profitable venture. But, to leverage the system properly, cryptojacking must remain concealed.

Even with the lack of reporting, cryptojacking is clearly replacing ransomware as a critical threat to businesses. According to Fortinet, cryptojacking malware has grown from impacting 13% of all organizations in Q4 of 2017 to 28% of companies in Q1 of 2018, more than doubling its footprint in three short months. Cryptojacking isn’t a problem that is going away – it affects 1 out of 4 organizations.

Further complicating the situation, encrypted data is now almost 60% of all network traffic, rising another 6% in the first part of 2018. As bad actors increasingly use SSL and TLS encryption to hide malicious code or to exfiltrate data, inspecting encrypted traffic is the only way to detect cryptojacking. Many legacy threat detection devices and signature-based antivirus tools currently in place don’t have the horsepower necessary to adequately inspect all encrypted traffic without crippling network throughput. Put simply, current systems carry so much traffic that it is hard to find (and stop) the cryptojacker’s hijacked CPU cycles.

Cryptojacking is just one of many tools that bad actors can employ to attack your business; the cyber threat is constantly growing and changing rapidly. Staying current on all of the methods that can be leveraged to hurt your business is paramount to protection. For a monthly refresh about the threat environment, attend Peters & Associates’ This Month in Cyber Security webinar. For help in assessing your security environment and remediating threats, reach out to our cybersecurity experts at or call 630.823.0075.