Cryptojacking has hit the headlines in recent months. But what is it? And do you need to be worried?
Cryptojacking occurs when a computer is used to mine cryptocurrency without the permission of the user. There are two main ways that this is done: in-browser and via installed malware on the machine.
In-browser cryptominers vs installed cryptomining malware
With an in-browser approach, cybercriminals break into a web server and inject browser-based cryptomining code that mines whenever anyone visits the website. For example, researchers recently discovered that a Coinhive Monero miner had been running on an LA Times website. Any time a user visited the Homicide Report web page offered by the LA Times, the hacker was able to steal their CPU power to mine for Monero, a popular digital currency.
We saw a similar example of this recently when a whole raft of government websites was infected with a cryptomining script through browsealoud DOT com – a service that converts pages on a website to speech, to help out visitors who aren’t fluent in written English or good at reading.
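An added example, not code from the original article: a small audit that lists the scripts a page loads from other origins, the route used in the browsealoud incident above, and flags those without a Subresource Integrity (`integrity`) attribute, which makes the browser refuse a script whose content no longer matches the pinned hash. The sample page and all hostnames are constructed placeholders, and Subresource Integrity is a mitigation this example brings in, not one the article names.

```javascript
// Constructed sample page: one same-origin script, one pinned third-party
// script, one unpinned third-party script, and one inline script.
const SAMPLE_PAGE = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://speech-widget.example.org/widget.js"></script>
<script>console.log("inline");</script>
</head></html>`;

// Parse name=value attributes out of a single opening tag.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Return every script loaded from an origin other than the page's own.
function auditScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    if (!attrs.src) continue; // inline script: not a third-party load
    const scriptUrl = new URL(attrs.src, pageUrl); // resolves relative paths
    if (scriptUrl.origin === pageOrigin) continue;
    findings.push({
      src: scriptUrl.href,
      host: scriptUrl.hostname,
      hasIntegrity: Boolean(attrs.integrity),
    });
  }
  return findings;
}

// Hosts whose code can change under the page without the browser noticing.
function unpinnedThirdParty(html, pageUrl) {
  return auditScripts(html, pageUrl)
    .filter((f) => !f.hasIntegrity)
    .map((f) => f.host);
}

console.log(unpinnedThirdParty(SAMPLE_PAGE, "https://news.example.com/report/"));
```

This only covers scripts pulled in from another origin; code injected directly into a compromised site's own pages, as in the LA Times case, is served first-party and needs server-side integrity monitoring instead.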
The bad news for consumers is that in-browser cryptojacking is platform-agnostic. That means that all of your devices – including your phone – are potential targets. We’ve seen Coinhive-based miners added to popular apps, like Netflix and Instagram, and there have even been reports recently about mobile phones being physically damaged by cryptominers.
The good news, though, is that in-browser cryptomining software generally isn’t doing anything malicious to your system, other than general wear and tear. The software might make your laptop use slightly more juice, but you’d be hard-pressed to notice those fractions of a penny on your electricity bill. Because it’s all self-contained within the browser itself, cryptominers never get near your data; they’re just jacking up your CPU.
On the other hand, cybercriminals may take the approach of breaking into a consumer’s network and installing cryptomining software directly on their machine to steal electricity and CPU power. An installed miner is indeed a threat – beyond the side effects of wear and tear on your machine, CPU, electricity, cooling, and so on, the bigger problem is that you have now been breached. If hackers can install one thing – like a cryptominer – on your machine, there’s a high likelihood that they can deploy other kinds of attacks, like ransomware or keyloggers.
Is cryptojacking a bigger threat to a business or a consumer?
Cybercriminals are targeting everyone. You might think “it won’t happen to me” but, interestingly enough, our research shows that cybercriminals are using the same cryptojacking tactics against businesses and employees as they are against consumers at home. This tells us just how opportunistic cybercriminals really are and reminds us that security can’t stop when we leave the office. Security is a lifestyle, and it’s incredibly important to have enterprise-strength security protection at the office and at home.
How to tell if you have a cryptominer installed
If your computer is being used by cryptojackers, then it’s likely to get slower and the fans will go into high gear due to increased CPU usage. There’s a physical reaction to the miner being on the machine.
What to do
There isn’t one specific thing you can do to stop cryptomining attacks, but good security hygiene in general is always a good line of defense. That means:
- Keep your software up-to-date. Patch early, patch often
- Only download software through approved sources
- Don’t open or click on things when you don’t know where they came from
- Always create strong, unique passwords and don’t share them with anyone
- Enable 2-factor authentication when it’s available
- Back up regularly and keep a recent backup copy off-site
- Secure your computer with advanced real-time security protection.
Do these miners only run in Java typically, or something else that can be disabled?
Browser-based miners run in Java*Script*, not Java.
After a little extra reading, it looks like disabling JavaScript is the best security option for safe browsing. But like Flash’s history, it’s so popular everybody depends on it for page building.
You’re correct that disabling JavaScript will protect you from web-based cryptominers but I think that the comparison to Flash is a little hard on JavaScript 🙂
JavaScript is just a programming language and the web needs a programming language in order to realise the full vision of a web full of apps rather than a web full of documents. If JavaScript didn’t exist browsers would have to use something else (IE used to run VBScript for example, and there was even a PerlScript once) or we’d all have to return to 1994.
Criminals running cryptominers don’t exploit flaws in JavaScript, they exploit its features.
Flash is, amongst other things, an interpreter for ActionScript, a JavaScript-based language. Its history is littered with successfully exploited, critical security flaws. Criminals exploit it because of its flaws, not its features, and we could do without Flash tomorrow because better alternatives exist. The best alternative being HTML5, which depends on JavaScript to do the things that ActionScript does for Flash.
Turning off JavaScript works, but it’s a blunt tool. A more selective way to try and turn off just the bad stuff would be to use a plugin like NoScript that lets you control what scripts are run, or a plugin like Ghostery that can block 3rd party code.
Finally, if you’ll indulge me, what I’d like to see, and what I think is missing from the world, is a browser or plugin that forces you to give permission before pages are allowed to use particular JavaScript features, in the same way that you have to give permission if a page wants to use geolocation, for example.
Such a plugin might prevent things like keylogging or code that writes HTML that generates HTTP requests, for example.
Of course the fact that it doesn’t exist probably suggests it’s quite a difficult problem to solve!