As the development of crypto currency technology, the emergence of Cryptojacking cases began to mushroom. No one knows for sure how much crypto money is mined through Cryptojacking, but there is no doubt that the practice is rampant. Browser-based Cryptojacking practices have grown enormously with some cases already revealed by the media. In this article, the author will discuss what is Cryptojacking and how to solve it.
Basically, Cryptojacking is a practice of illegally using someone else's computer to mine crypto money. Hackers usually take this action by directing victims to click dangerous links in e-mails or online advertisements that contain crypto mining codes. Cryptojacking actors can also infect websites or online advertisements with JavaScript code that runs automatically, after being loaded in the victim's browser.
advertisement
Furthermore, the crypto mining code works quietly on the victim's computer, so there is no suspicion from the victim even though the computer's performance suddenly becomes slower.
Why Does Cryptojacking Case Continue to Increase?
Easy Way to Get Money
Last November, Adguard reported that Cryptojacking's growth rate in the browser reached 31 percent. From the research, it was found that about 33,000 websites have run crypto mining scripts. Adguard estimates that the site has an average of one billion monthly visitors. This February, Bad Packets found 34,474 sites running Script Coinhive, the most popular JavaScript miner which is also used for legitimate crypto mining activities.
"Crypto mining is still in its early stages. There is plenty of room for growth and evolution," said Marc Laliberte, an analyst with network security solutions provider WatchGuard Technologies. He also noted that Coinhive is easy to use and generates 300 thousand USD in the first month. "Its growth is still increasing, it's really a way to get very easy money," he said.
In January, researchers discovered the Smominru botnet mine, which infected more than half a million machines in various countries including Russia, India and Taiwan. Botnet is targeting Windows servers to mine Monero, and the Cybersecurity Proofpoint firm estimates that this activity has generated a profit of 3.6 million USD by the end of January.
Easy To Learn And Cheap
Cryptojacking does not require technical skills that are difficult to learn. According to reports from Digital Shadows, Cryptojacking kits on the dark web sell for only 30 USD.
Has Small Risk
The simple reason why Cryptojacking is becoming more popular is: the possibility to get more money with little risk. With ransomware, the profit-gaining ratio is 3 out of 100 infected computers. While through Cryptojacking, all infected computers will work to mine crypto money.
The risk of being caught and recognized in the case of Cryptojacking is also much smaller compared to ransomware. Crypto mining code runs quietly and can be hidden for a long time. Even after it was discovered, it was very difficult to trace it back to the source, and victims rarely investigated it because nothing was stolen or encrypted. Because of this, hackers tend to prefer crypto money like Monero and Zcash, rather than Bitcoin which is more popular and easier to track.
How Cryptojacking Practices Work
Hackers have two main ways to target victim computers:
Deceiving victims into entering cryptomining codes into their computers. The trick is with the phishing method, ie send an email that convinces the victim to click the link. The link runs code that places cryptomining scripts on the computer. After that, the script will run in the background when the victim's computer is working.
Inject scripts on websites or ads, then sent to multiple websites. Once a victim visits a website or an infected ad, the script will run automatically. No code was stored on the victim's computer.
Whichever method is used, the code runs complex mathematical problems on the victim's computer and sends the results to the server that is controlled by the hacker.
Unlike most other types of malware, Cryptojacking scripts do not damage the computer or victim data, but only steal CPU processing resources. For individual users, slower computer performance may not be too annoying. However, if an agency is exposed to the practice of Cryptojacking, it will certainly cause huge losses for the cost of repair and maintenance of equipment, as well as spending time for the IT team to track actual problems.
How to Prevent Cryptojacking?
Understand that Cryptojacking can come from anywhere, including phishing or from suspicious links. Never carelessly click on URLs or advertisements that are not clear.
Install ad blocking or anti cryptomining extensions on Browser. Because Cryptojacking scripts are often sent via web ads, installing an ad blocker can be an effective way to stop it. Some ad blockers like Ad Blocker Plus have the ability to detect crypto mining scripts. Laliberte recommends extensions such as No Coin and MinerBlock, which are designed to detect and block cryptomining scripts.
Use endpoint protection that can detect crypto miners. Many endpoint antivirus vendors have added crypto miner detection to their products.
Always update your web filtering tool. If you identify a web page that sends Cryptojacking scripts, make sure the User is blocked so that you cannot access your computer again.
Note the browser extension used. Some attackers use dangerous browser extensions, or tamper with legitimate extensions to run crypto mining scripts. It is hard to recognize, so it takes care to know it.
Use a mobile device management (MDM) solution. Bring-your-own-device policy (BYOD) can be a solution to prevent illegal crypto mining. MDM solutions can help manage apps and extensions on users' devices.
MDM tends to be directed to larger companies, because smaller companies often can not afford them. Like ransomware, Cryptojacking can affect the company's business even though the best efforts have been made to stop it.
Detecting it may be difficult, especially if only a few systems are threatened. Relying on endpoint protection tools to stop Cryptojacking is sometimes not enough, because crypto mining codes can be hidden from signature-based detection tools, so antivirus programs cannot detect them.
Train sensitivity in recognizing crypto mining signs. Sometimes the first indication is the performance of a computer that suddenly slows down. From here, you can already do the above handling steps to anticipate Cryptojacking attacks.
Apply network monitoring solutions. Cryptojacking practices are easier to detect in corporate networks than personal computers, because these illegal practices are easily detected through network monitoring solutions.
Monitor your own website from the crypto mining code. Cryptojacking actors often find ways to place Javascript code on a web server. The server itself is not a target, but anyone who visits the website is at risk of being infected. Therefore, regular monitoring of file changes on the web server is highly recommended.
https://www.seputarforex.com/artikel/apa-itu-cryptojacking-dan-bagaimana-cara-mengatasinya-284657-38
Coins mentioned in post:
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit