Is your computer draining its battery in an inexplicable and unusual rate? It may be a victim of cryptojacking. Cryptojacking is a form of cyberattack wherein a hacker remotely hijacks a computer’s processing power for the purposes of creating cryptocurrency, such as Bitcoin and, more recently, Monero.
How does cryptojacking work?
To understand the motivations behind cryptojacking, we should first understand the concepts behind cryptocurrency and “mining.” Cryptocurrencies are digital or virtual currencies that utilize cryptography — encryption — for security. They are not issued by any central banking entity, rendering them immune (theoretically) to government interference and manipulation.
Cryptocurrency is generated by “mining,” which essentially involves a computer solving complex math problems to validate transactions and for this effort, successful miners receive new currency as a reward. In simple terms, cryptocurrency is generated after a miner solves a complex mathematical puzzle, after other miners agree that the solution is correct, and after the solution string is cryptographically added to a virtual ledger called a blockchain. Some miners pool dozens of computers to solve more problems and get a bigger reward. And that's why they want to hijack your computer.
According to research from AdGuard, during the three-week span in September 2017 when cryptomining went viral, 220 of the top 100,000 websites experienced some form of cryptomining attack. These websites put over 500 million users at risk because of the browser exploitation, and were able to generate over $43,000 in that three-week window for little-to-no cost.
What problems does cryptojacking create?
Many computer users have complained that their processors have been using up to 85% of their capacity with less than 10% left for normal operations, and this was typically accompanied by a significant battery drain. The crucial weak spot that cryptojackers have exploited is Windows’ remote administration toolbox, specifically Windows Management Instrumentation (WMI).
Tech outlets have been careful not to label all cryptojacking efforts as criminal activities, although they do involve intrusive acts of grabbing spare processing power for their own gains. This is because perpetrators are often 100% upfront that their websites do it, claiming that it allows them to remove annoying ads without sacrificing revenue. Ultimately, however, they’re always about stealing your computing power for their own gain.
Here are some security tips you should ponder:
#1 Prevent the threat
As the old proverb goes, an ounce of prevention is worth a pound of cure. Ad blockers, anti-malware programs, and mining blocker extensions all keep cryptojackers at bay, but they’re only effective if you can keep them up-to-date and running. A strong defense wall is only as good as the attention given to it — which is why you need firewalls, intrusion prevention systems, and network monitoring solutions managed by experts.
#2 Minimize possible exposure
Another critical solution is user training and URL filtering. You can't expect all your employees to remain constantly up-to-date with web browsing best practices, which is why it's a good idea to have a managed IT services provider (MSP) customize a program for your team. MSPs can help alleviate the hassles of minimizing the exposure of your computers. Quicktech can even implement two-factor security protocols to ensure that only authorized users are allowed access to certain facilities.
#3 Exercise diligence
Your cybersecurity success banks upon your ability to diligently back up, regularly monitor, and maintain your cybersecurity measures. The key to this is to automate updates, utilize scheduled scans, and run manual periodic system checks. Those tasks on their own will eat up a lot of an in-house technician’s time, which is why a growing number of Vancouver businesses are increasingly turning to MSPs for help.
Your MSP should always be on top of things, and a reliable MSP like Quicktech provides on-demand and scheduled vulnerability analysis, as well as industry regulation compliance measures.
We’ll do it for you
We take your security very seriously at Quicktech. Our technicians provide intuitive and reliable services, and our passion lies in the understanding that an effective service is one that is constantly improving. Your peace of mind is our peace of mind. Let our experts handle the dirty work of IT security. Give us a call today.