Cyber-attacks for profit are likely to stick around as long as the cybersphere exists, but the threatscape is always shifting and evolving. Phishing attacks, which have dominated the headlines for the past couple of years, are now sharing ink with cryptojacking, an attack method that is likely to continue to increase in popularity among hackers. According to a recent report by Adguard, more than 33,000 websites are currently running a cryptojack script, and the estimated monthly visits to these infected websites is more than 1 billion.
What Is Cryptojacking?
The emergence of cryptocurrency, such as bitcoin, has resulted in the development of quiet malware that illicitly uses victim’s computing resources and abuses infrastructure to mine for cryptocurrency - aka cryptojacking. This low-profile under-the-radar malware usually remains undetected, making it a trend that is likely to increase. Cryptojackers originally targeted mobile devices and PCs, but they are increasingly turning their focus to servers, which offer more power and more systems, resulting in greater profits. Also known as cryptomining or coinjacking, cryptojacking is on the rise because it is fairly easy to deploy and difficult to detect, a perfect combination for a cyber-attack. In fact, cryptojacking has become so widespread, that cryptojacking kits are available online for as little as $30.
How to Protect Your Resource
So how do cryptojackers get their malware installed on your systems? They can either using social engineering to get a victim to inadvertently install a cryptomining script onto their system or they can install the malware via infected websites or web ads that execute when visitors click them. So to protect your systems, a critical first step is employee awareness and training. Another measure is to install ad blockers, removing the chance that a user will click on an infected ad. And yet another is to ensure your web filtering tools are updated regularly. It’s also a good idea to identify your security vulnerabilities through penetration testing. Doing so will show you where you have gaps just waiting to be exploited by all sorts of threats, including cryptojackers. Although these measures alone don’t guarantee your systems will be safe, they can be part of a security strategy that is continuously shifting and evolving with the threatscape to give you an effective security posture.