Cryptojacking is the illegal practice of using a computer or mobile device to mine cryptocurrencies without the user's knowledge or permission. Many websites are infected with cryptojackers today. In this article, we'll cover what cryptojacking is, how it works, and the steps you can take to protect your website in 2022.
What is cryptojacking?
How does it work?
It's a bit like someone else borrowing your car to drive deliveries and earn money behind your back, using up your gas and leaving you with added wear and tear on your vehicle in the process.
When you visit a website running a crypto miner, don't expect to be informed, asked for consent, or have to do anything to start the mining process. Simply visiting a website is all it takes for thieves to steal your CPU. And it's not exactly a harmless act.
While we were researching cryptojacking, our laptops heated up and their fans kicked on. Cryptojacking not only degrades the performance of users' computers but also shortens the life of their components. For site owners, cryptojacking degrades page performance as well as user experience, ultimately driving visitors away from your site.
Hackers aren't limited when choosing how they are going to inject a miner into your website. In the course of our research, we found thousands of live samples including cryptoloot, coinimp, jsecoin, crypto-webminer, cryptonoter, monerominer, deepminer, and coin-have.
How prolific is cryptojacking?
We are seeing cryptojacking affect compromised websites ranging from personal blogs to top Alexa-ranked websites. No single vulnerability is being exploited to compromise these websites, but we are seeing an uptick in mining operations online. This will only be exacerbated by the recent Log4j vulnerability. Right now there are about 3,000 websites serving cryptojacking scripts to users online, and that number is growing daily. We actively monitor for new activity every day to continue to protect our customers.
What can you do to prevent cryptojacking?
So, what can you do about cryptojacking? The first step is to know the signs. Then, as you may guess, there are two different ways of mitigating its effects: detection and defense. Detecting cryptojacking isn't always easy, but defense is even trickier.
The first thing to consider is whether or not your website is being cryptojacked. Here are some things to check:
Are you getting HTTP requests for Bitcoin and Monero transactions on your site?
Does your computer heat up and run the fan when you access your website?
If you're concerned about cryptojacking on your business network, you could also use a network monitoring tool to look for unusual resource usage.
No matter how it's done, mining cryptocurrency is a massive resource hog, which gives some telltale signs, such as abnormally high CPU or GPU usage, especially in off-business hours when machines should be less active. A simple way to look for abnormal use would be to set up alerts for when CPU usage exceeds a certain threshold in off-hours or on machines that don't typically perform CPU-intensive tasks.
For a site owner, things are a bit more difficult. In order to definitively prevent cryptojacking on your website, you need full visibility into the code running on your website, as well as any third-party connectors and plugins, and the ability to unilaterally block unwanted code.
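As a starting point for that visibility, the sketch below inventories every script tag in a page's HTML and flags external scripts served from hosts outside an approved list, plus any script whose URL or inline body contains one of the miner names listed earlier in this article. It is an added example, not MarSec's code; the sample page, its hosts and the `loadMiner()` call are constructed, and plain substring matching will miss renamed or obfuscated miners.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Miner family names listed in this article, matched as plain substrings.
MINER_NAMES = ("cryptoloot", "coinimp", "jsecoin", "crypto-webminer",
               "cryptonoter", "monerominer", "deepminer", "coin-have")

class ScriptInventory(HTMLParser):
    """Collect every <script> on a page: external src URLs and inline bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script = True
                self.inline.append("")
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def audit_page(html, allowed_hosts):
    """Return (reason, detail) findings for one page's HTML."""
    inv = ScriptInventory()
    inv.feed(html)
    findings = []
    for src in inv.external:
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        if host and host.lower() not in allowed_hosts:
            findings.append(("unapproved-host", src))
        if any(name in src.lower() for name in MINER_NAMES):
            findings.append(("miner-name", src))
    for body in inv.inline:
        hits = [n for n in MINER_NAMES if n in body.lower()]
        if hits:
            findings.append(("miner-name-inline", ",".join(hits)))
    return findings

# Constructed sample page; hosts and the loadMiner() call are made up.
SAMPLE = ('<script src="/static/app.js"></script>'
          '<script src="https://cdn.example.com/lib.js"></script>'
          '<script src="https://static.example.net/deepminer.min.js"></script>'
          '<script>loadMiner("coinimp", {throttle: 0.3});</script>')
```

Calling `audit_page(SAMPLE, {"cdn.example.com"})` returns three findings: the unapproved host, the miner name in that script's URL, and the miner name in the inline script.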
To learn more about how MarSec can help defend your site against cryptojacking attacks, schedule a demo today.