Cryptojacking Is a New and Dangerous Cyber-Threat

Cryptojackers are cryptocurrency pirates who use your computing resources to enrich themselves. They're also like ninjas, since you may not ever realize they've done you any damage until after they're gone.

It seems that every day, the world and some bad people in it think of new ways to gain resources that do not belong to them. Theft, in general, is as old as humanity — but as we move toward the 22nd century, technology is gaining steam, and there are more ways than ever before for thieves to steal your currency.


Using the word “currency” rather than “money” draws an important distinction, since toilet paper is worth as much as the U.S. dollar, given the right conditions. Money has many forms, however, and stealing paper dollars is just one means of illicitly acquiring wealth. Online theft also has many forms, and now there’s a new form of web-based thievery that targets a new form of web-based currency.


Cryptojacking is a relatively new means of theft. How does it work? Cryptojacking is the secret use of “borrowed” computing devices to mine cryptocurrency. Any cryptocurrency can be acquired this way, and the worst news is that the owner of a “jacked” device might never know what’s being done.


It used to be that a program had to actually be installed on a targeted computer in order for a hacker to seize control of it. The most sophisticated cryptojacking attacks, however, work in-browser, without needing any programs installed to take control of the resources of the targeted PC. If surfing the web in search of (whatever) connects you to an infected site, your device could be compromised.


Cryptojacking steals cryptocurrency straight up, but it also uses power and system resources from a jacked PC or data center, and you are paying for those. A large- or even moderate-scale hack of business machines, or worse yet an infection of corporate web properties, if exposed, could further damage a company’s brand and reputation. There is no telling what type of impact or costs that could have on the future health of the attacked company.


What Cryptojacking Is


In-browser cryptojacking attacks work off of JavaScript on a simple webpage. A couple of years back, the website of cybersecurity association EC-Council was hacked using the same tech. More and more people, however, consider that any cryptomining activities which are not intentional should be considered cryptojacking. Also, to clarify, there are generally two methods of cryptojacking: browser-based and server-based.


JavaScript runs every single time on just about every website you visit, so the JavaScript code responsible for in-browser mining does not need to be installed. It is browser agnostic and will execute without your knowing what has happened. You simply load the page, and the in-browser mining code executes.


The hacker doesn’t need you to install anything, or click anywhere to opt in. There are none of the usual “You won the lottery” or “Click here to fix your computer” gimmicks. Much of the reason cryptojacking is so popular is that it’s a highly efficient way for thieves to get their hands on cryptocurrency and involves very little risk of discovery and exposure.
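For a site owner, the flip side is that any script tag added to a page runs for every visitor who loads it. The following added example (not part of the original article) audits a page's HTML for script tags that a known-good baseline does not account for; the hosts, the baseline format and the function names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// CSP-style hash of an inline script body: "sha256-<base64 digest>".
function inlineHash(body) {
  return "sha256-" + crypto.createHash("sha256").update(body, "utf8").digest("base64");
}

// Returns one finding per script tag that the baseline does not account for.
function auditScripts(html, pageUrl, baseline) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const attrRe = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const [, attrText, body] of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi)) {
    const attrs = {};
    for (const m of attrText.matchAll(attrRe)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
    if (attrs.src === undefined) {
      // Inline script: compare its hash with the approved inline hashes.
      const hash = inlineHash(body);
      if (!baseline.inlineHashes.includes(hash)) findings.push({ kind: "unknown-inline", detail: hash });
      continue;
    }
    const url = new URL(attrs.src, pageUrl); // resolves relative and //host forms
    if (url.origin === pageOrigin) continue; // same-origin files: out of scope for this check
    if (!baseline.allowedHosts.includes(url.hostname)) {
      findings.push({ kind: "unlisted-host", detail: url.href });
    } else if (!attrs.integrity) {
      // Allowed third party, but no Subresource Integrity pin on the tag.
      findings.push({ kind: "missing-sri", detail: url.href });
    }
  }
  return findings;
}

// Constructed sample page and baseline; every host and script body is made up.
const APPROVED_INLINE = "window.siteConfig = { lang: 'en' };";
const SAMPLE_HTML = `<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.com/widgets.js"></script>
<script>${APPROVED_INLINE}</script>
<script src="//static.unlisted.example/m.js" async></script>
<script>startBackgroundTask();</script>
</head></html>`;
const BASELINE = { allowedHosts: ["cdn.example.com"], inlineHashes: [inlineHash(APPROVED_INLINE)] };
const SAMPLE_FINDINGS = auditScripts(SAMPLE_HTML, "https://www.example.com/", BASELINE);
console.log(SAMPLE_FINDINGS);
```

The inline hashes use the same `sha256-` form that a Content-Security-Policy `script-src` directive accepts, so an approved baseline can also be enforced in the browser rather than only audited.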


It’s a cheaper and more profitable alternative to other attacks such as ransomware, where a thief prevents access to your files, and then you pay them a certain amount to regain access. Even though most experts currently advise ransomware victims to simply pay up, accepting payment leaves a trail that can potentially be followed.


Why Thieves Prefer It


With cryptojacking, there is simply no trace. Close to 100 percent of cryptojacking-infected machines can be used to mine cryptocurrency, which has real-world value. A thief can trade bitcoin for American dollars with little risk of being identified. And an effective cryptojacking attack runs secretly and can go undetected for a considerable length of time.


Even if a user discovers the malicious code that runs a cryptojacking operation, it is extremely difficult to trace cryptojacking back to the source of the attack. Experts may find a trail, but rarely do such trails lead to anything.


Cryptojacking also causes very little collateral damage. Unlike other attacks, which may result in loss or corruption of data, or even do damage to physical resources, cryptojacking does not result in destruction of property. This can sometimes lessen the motivation to find and prosecute attackers, meaning that cryptojacking is sometimes seen as a low-priority crime for law enforcement officials.