Cryptojacking uses malware to turn thousands of computers into cryptocurrency miners without the knowledge of the owners. In this article, we will show you how to protect yourself from it.
Cryptojacking is talked about far less often, largely because many people do not even notice that it is happening.
The attack on computers is often carried out through a web browser. The main signs of a compromised computer are slow operation, high processor usage and cooling fans running at high speed.
An example is data published by independent security researcher William DeGroot. He stated that “all 2,496 sites he monitored are using outdated software that has security vulnerabilities that have been exploited by attackers to compromise them. They added code that quietly made the processors of visitors to the sites mine the Monero cryptocurrency.” Another example is pass-through cryptojacking, where a hidden popup continues to work even after the site is closed.
To protect yourself from this phenomenon, you must follow a few simple rules, collectively known as network hygiene.
Regularly update all programs, especially anti-virus programs. Antivirus databases are frequently updated with the most recent signatures, including those of cryptojacking programs.
Do not download suspicious programs from unknown resources, and do not install them on your computer. If you are an advanced user, run new, unknown programs only in virtual machines or sandboxes.
Do not turn off the security functions in your browser, and install additional security extensions. They help to recognize cryptojacking scripts instantly, so you will be able to close malicious sites faster.
Do not ignore the recommendations and warnings of security systems, or the news digests from antivirus companies.
It only seems that none of this will affect you. In fact, your computer is most likely already wasting resources and earning money for cybercriminals.
Server attacks are performed in the same way as in the case of the previously described botnets, but with certain peculiarities. Applications such as Minergate and Smominru are used instead of spam, ransomware or DDoS attacks. Applications run quietly and smoothly, regularly receiving new blocks of data and checking for performance.
Data for processing may come through spam emails that contain attachments, including infected Word documents. Most of the attacks target servers with RDP support and Internet access, which have weak passwords and do not support multi-factor authentication. Tools, including Shodan, show how widespread Internet-facing servers are.
Early detection is a very important precondition for an effective fight against cybercriminals. The first thing to look out for is an increase in processor resource consumption. IT professionals need to set limits for it so that administrators are notified when the limits are exceeded. Alerts should be sent regardless of the process name: the digital parasite tends to go unnoticed and can pretend to be a system service or process. In addition, the most cunning attackers can tune processor usage in such a way that nothing will be noticeable, so IT professionals need to establish baseline values for processor operation parameters and quickly detect deviations from these values.
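The baseline approach described above, as an added example that is not part of the original article: it builds a per-host baseline from known-clean CPU samples and reports sustained deviations without looking at process names. The sample data, the 80% static limit and the parameters `k`, `min_run` and `floor` are assumptions chosen for illustration.

```python
from statistics import median

def baseline(samples):
    """Return (median, MAD) of known-clean CPU utilisation samples in percent."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, mad

def sustained_deviation(samples, med, mad, k=6.0, min_run=6, floor=5.0):
    """Return (start, end) index ranges where utilisation stays above
    med + max(k * MAD, floor) for at least min_run consecutive samples."""
    limit = med + max(k * mad, floor)
    runs, start = [], None
    for i, s in enumerate(samples):
        if s > limit:
            if start is None:
                start = i          # a run above the limit begins here
        else:
            if start is not None and i - start >= min_run:
                runs.append((start, i - 1))
            start = None           # short spikes are discarded
    if start is not None and len(samples) - start >= min_run:
        runs.append((start, len(samples) - 1))
    return runs

def static_alerts(samples, threshold=80.0):
    """Indices that a fixed limit alone would report."""
    return [i for i, s in enumerate(samples) if s > threshold]

# Constructed sample data: 5-minute CPU averages (%) for one server.
CLEAN_WEEK = [12, 14, 11, 13, 15, 12, 10, 14, 13, 12, 16, 11, 13, 12, 14, 15]
# Constructed observed day: a short backup spike, then load throttled to ~45%.
OBSERVED = [13, 12, 70, 68, 14, 12, 13, 44, 46, 45, 47, 44, 45, 46, 43, 13]

if __name__ == "__main__":
    med, mad = baseline(CLEAN_WEEK)
    print("baseline median/MAD:", med, mad)
    print("static 80% limit fires at:", static_alerts(OBSERVED))
    print("sustained deviation runs:", sustained_deviation(OBSERVED, med, mad))
```

The throttled load never crosses the fixed limit, but it is reported as one sustained run above the baseline, while the two-sample backup spike is ignored.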
Particular attention should be paid to whether the cryptominers managed to compromise superuser accounts. For both on-premises and cloud environments, regular, automated asset validation with notifications is essential. The check should search for unregistered machines, especially those with a large number of processors.
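One way to automate the asset check described above, as an added example that is not part of the original article. The register and inventory records are constructed, the `big_cpu` cut-off is an assumption, and the check for registered machines that have grown goes slightly beyond what the text asks for.

```python
def audit(registered, observed, big_cpu=16):
    """Compare observed machines with the asset register.

    Reports machines missing from the register and registered machines whose
    processor count has grown; large machines are ranked first for notification.
    """
    findings = []
    for machine in observed:
        known = registered.get(machine["id"])
        if known is None:
            kind = "unregistered"
        elif machine["vcpus"] > known["vcpus"]:
            kind = "grew"          # registered, but larger than recorded
        else:
            continue               # matches the register, nothing to report
        severity = "high" if machine["vcpus"] >= big_cpu else "review"
        findings.append({"id": machine["id"], "kind": kind,
                         "vcpus": machine["vcpus"], "severity": severity})
    # High severity first, then the largest processor counts.
    findings.sort(key=lambda f: (f["severity"] != "high", -f["vcpus"]))
    return findings

# Constructed asset register (hypothetical names and sizes).
REGISTERED = {
    "web-01": {"owner": "web", "vcpus": 4},
    "db-01": {"owner": "data", "vcpus": 8},
    "ci-01": {"owner": "build", "vcpus": 8},
}
# Constructed inventory, as it might be exported by a cloud or network scan.
OBSERVED_MACHINES = [
    {"id": "web-01", "vcpus": 4},
    {"id": "db-01", "vcpus": 8},
    {"id": "ci-01", "vcpus": 32},
    {"id": "i-tmp-7", "vcpus": 2},
    {"id": "i-batch-x", "vcpus": 64},
]

if __name__ == "__main__":
    for f in audit(REGISTERED, OBSERVED_MACHINES):
        print(f"{f['severity']:6} {f['kind']:12} {f['id']:10} {f['vcpus']} vCPUs")
```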
The symptoms are approximately the same on all computers where the hidden application is installed. The first is increased resource consumption of the central or video processor: there seem to be no programs open, yet the processor is loaded to almost 80 percent. As a result, the processor temperature rises, and the fan becomes noticeably louder and does not stop. The interface starts to slow down, and the simplest commands are executed with a delay.
If cryptojacking is browser-based, the symptoms are the same, but they disappear when you close a specific browser tab. This means that the cryptojacking code is installed on that site. At the same time, the antivirus will be silent: it is just a website page, and it does not steal anything, try to overwrite memory or crack passwords. Your browser simply performs more operations and runs more scripts. You never know, maybe the page is just very heavy and full of ads. Ad blockers are of great help, as they do not just hide such content, but cut it out or prevent it from loading. The NoScript add-on is also great.
However, most users do not notice any cryptojacking; many think that these are just the peculiarities of the computer, and that it simply works slowly. In addition, many do not consider it dangerous: someone took advantage of unneeded resources, and they are reluctant to tinker with it. Therefore, cryptojacking is thriving and will not lose its relevance for a long time. It will be used by many cybercriminals, since it is simple, not very dangerous and very profitable. This is especially true of browser-based cryptojacking, because not even the slightest hack is needed there: the attacker does not penetrate the victim's computer and therefore, in practice, hardly violates any laws. And while cryptocurrencies are popular, cryptojacking will also be popular.
Protection against cryptojacking is in many ways similar to protection against any other malware. However, you need to look for other indications: signs at the hardware level, a slowing user experience, and decreasing resource scalability. Rising electricity costs and increased use of cloud resources are also signs of a hack.