by peter

Share

Cryptojacking Attack Explained

Risk

Risk Rating: HIGH
Likelihood: 3/5
Impact: 5/5

Causes

  • Lack of good firewall

  • Lack of monitoring
  • Poor patching program

Cryptojacking Attack Overview

Sadly, no websites are sacred when it comes to hackers’ desire to exploit them for profitability — not even Australia’s parliament. In early 2018, cyberhackers compromised numerous Australian government websites with malware that forced visitors’ computers to secretly mine cryptocurrency without their permission. The cryptojacking attack was initiated when hackers exploited a vulnerability in a popular browser plugin as part of a larger global security breach. The attack affected the official website of the Victorian parliament, the Queensland Civil and Administrative Tribunal, and the Queensland Community Legal Centre homepage, among others, as well as the UK’s National Health Service, and the UK’s own data protection watchdog site

What you need to know about Cryptojacking attacks

Cryptojacking is an attack where a hacker targets and hijacks your computer systems with malware that hides on your device and then exploits its processing power to mine for cryptocurrency — such as Bitcoin or Ethereum — all on your dime. Their mission is to create valuable cryptocurrency with your computing resources.

The best defense against Cryptojacking attacks is authenticated vulnerability scanning to identify vulnerabilities and then regular and rapid patching. The Cyber Essentials standard states that patching should be conducted within 14 days of a patch being released, as we agree.

Detection is simple. If you have a well established monitoring program or are using a SOC, then they will detected the malware as a last resort. They should also be informing you in good time of vulnerabilities present in the environment.

How a cryptojacking attack happens

One way attackers execute cryptojacking attacks is by sending a malicious link in a phishing email, enticing you to download cryptomining code directly onto your computer. Another way is by embedding a piece of JavaScript code into a webpage that you visit — known as a drive-by. Upon visiting the page, malicious code intended to mine cryptocurrency will automatically download on your machine. The cryptomining code then works silently in the background without your knowledge — and a slower than usual computer might be your only indication that something is wrong.

Cryptojacking Attack Sources

These attacks come from all over the world. These days, cryptojacking doesn’t require significant technical skills. Cryptojacking kits are available on the deep web for as little as $30. It’s a low bar for entry for hackers that want to make a quick buck for relatively little risk. In one attack, a European bank experienced some unusual traffic patterns on its servers, slower than average night processes and unexplained online servers — all attributed to a rogue staffer who installed a cryptomining system