Not only could it mine more currency when it wasn’t sharing a system’s resources with other cryptominers, but Outlaw’s process allowed it to take over mining activities from other botnets. The Kubernetes console turned out to be mining cryptocurrency, and as the researchers dug deeper, they discovered that it was Tesla’s. It appears that the attackers had come across this Kubernetes console and realized that there was a huge security lapse: it hadn’t been password protected. They used the image as a foothold to install their cryptojacking malware, mining with the victim’s resources and then sending the currency back to the group that commands the attack. Cryptojacking has its roots in 2011, when Bitcoin was still in its infancy and mainly used by cypherpunks and on illicit online marketplaces.
One way that cryptojacking attacks occur is via JavaScript code that runs in a browser. In that type of attack, the user visits a page, watches a video or clicks a link, and the embedded JavaScript mining code is executed. Attackers write a cryptomining script and then embed that script in numerous websites. The script runs automatically, with the mining code being downloaded onto the user’s computer as part of the page. These malicious scripts can be embedded in ads and in vulnerable, out-of-date WordPress plugins. In a recent investigation into a cryptomining infection, a Varonis Security Research team discovered a new variant of malware that was likely being used in cryptojacking for the Monero cryptocurrency.
Many cryptojacking enterprises take advantage of the scalability of cloud resources by breaking into cloud infrastructure and tapping into an even broader collection of compute pools to power their mining activity. A study last fall by Google’s Cybersecurity Action Team reported that 86% of compromised cloud instances are used for cryptomining. More recently, while other types of malware have increased in prevalence and made international headlines (ransomware in 2021, for instance), cryptojacking has become somewhat of a mainstay threat type. In our 2021 State of Malware Report, we noted that BitCoinMiner remained the top business threat for Windows computers, and for consumers, Mac computers in particular saw an increase in cryptocurrency stealers/miners. An alternative cryptojacking approach is sometimes called drive-by cryptomining. Similar to malicious advertising exploits, the scheme involves embedding a piece of JavaScript code into a web page.
In May, a service called Bitcoin Plus was launched, and it allowed websites to embed a script on their pages that mined bitcoins for them, using the resources of their site visitors. The first is by trading fiat currency – such as the US dollar or the yen – for bitcoins or one of its many rivals via a cryptocurrency exchange. In the past, this could be done with the spare processing power on a PC, but it now requires exceptional amounts of computational power and is generally done with special equipment. When browser-based cryptojacking is used legitimately, all site owners have to do is host the code on their websites and notify users of the practice.
Instead of building a dedicated cryptomining computer, attackers use cryptojacking to steal computing resources from their victims’ devices. When all of these stolen resources are added up, attackers are able to compete against sophisticated cryptomining operations without the costly overhead. Malware created for cryptomining uses up system resources in much the same way as cryptojacking scripts. Similar to CryptoLocker, malware can be used to infect computers, encrypt files, and hold them for Bitcoin ransom. Using your security software to scan for malware can help identify these malicious scripts. You can also use tools such as PowerShell to detect a cryptojacking attack.
Users either click on an attachment or link that executes the cryptomining script, or browse to a website carrying infected ads. Since Coinhive went away, attacks have become more sophisticated and surreptitious, extending to the infection of APIs, open source code, cloud infrastructure and containers, according to ENISA. Cryptojackers now distribute their attacks across as many devices as possible, letting the attackers use less power per device and decreasing their detectability. The browser-based approach works by creating content that automatically runs cryptomining software in a user’s web browser when they visit the web page hosting it. Cryptojackers may create a website with embedded cryptomining JavaScript code and direct traffic to it for the purpose of cryptojacking, or they may compromise an existing site. In simple terms, cryptomining is the operation that generates new cryptocurrency, a type of digital currency created and secured on the record-keeping technology called blockchain.
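The browser-based variant described above leaves artifacts in the page itself: an external script tag pointing at a mining library, or an inline script that instantiates a miner. The following scanner is an added example written for this article (it is not code from the page or from any vendor named in it) that parses HTML with Python’s standard-library parser and flags both kinds of artifact. The indicator lists are constructed for illustration: "coinhive" is the service named in the text, "cryptonight" is the hashing algorithm Monero miners used, and "stratum+tcp://" is the mining-pool protocol scheme; a real deployment would load these from a maintained threat-intelligence feed. The sample page is likewise constructed.

```python
"""Heuristic scanner for embedded browser-mining scripts in HTML (defensive example)."""
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from typing import List
from urllib.parse import urlparse

# Illustrative indicators (constructed for this example; replace with a curated feed).
SUSPICIOUS_SRC_TOKENS = ("coinhive", "cryptonight", "monero")
INLINE_PATTERNS = {
    # Miner object instantiation as exposed by the Coinhive-style browser API.
    "miner_api_call": re.compile(r"CoinHive\.(Anonymous|User)\s*\(", re.I),
    # A mining-pool endpoint hard-coded into page script.
    "stratum_endpoint": re.compile(r"stratum\+tcp://", re.I),
    # WebAssembly hashing combined with a background worker is typical of in-browser miners.
    "wasm_worker_pair": re.compile(
        r"WebAssembly\.instantiate[\s\S]*new\s+Worker|new\s+Worker[\s\S]*WebAssembly\.instantiate"
    ),
}


@dataclass
class Finding:
    kind: str      # "external_script" or "inline_script"
    detail: str    # the script src, or the name of the matched inline pattern
    snippet: str   # short excerpt for the analyst to review


class MinerScriptScanner(HTMLParser):
    """Collects Findings for <script> tags that look like browser miners."""

    def __init__(self):
        super().__init__()
        self.findings: List[Finding] = []
        self._in_script = False
        self._buf: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            parsed = urlparse(src)
            host = (parsed.netloc or "").lower()
            path = (parsed.path or "").lower()
            if any(tok in host or tok in path for tok in SUSPICIOUS_SRC_TOKENS):
                self.findings.append(Finding("external_script", src, src))
        else:
            # Inline script: buffer its body until the closing tag.
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._buf)
            for name, pattern in INLINE_PATTERNS.items():
                match = pattern.search(body)
                if match:
                    excerpt = body[match.start():match.start() + 60].strip()
                    self.findings.append(Finding("inline_script", name, excerpt))


def scan_html(html: str) -> List[Finding]:
    """Return every miner-like script found in the given HTML document."""
    scanner = MinerScriptScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one benign external script, one suspicious external
# script, one inline miner instantiation and one benign inline script.
SAMPLE_PAGE = """
<html><head>
<script src="https://cdn.example-analytics.test/analytics.js"></script>
<script src="https://coinhive.example.test/lib/coinhive.min.js"></script>
</head><body>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
  miner.start();
</script>
<script>console.log("benign inline script");</script>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE):
        print(f"{finding.kind:16} {finding.detail:32} {finding.snippet}")
```

The scanner reports leads, not verdicts: an analyst still reviews each flagged script, and the token list should be tuned against the site’s legitimate third-party scripts to keep false positives low. It is meant to run over crawled copies of your own pages, so a compromised plugin or injected ad slot shows up before users notice the CPU load.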
Cryptojacking software is also not easily detected by traditional anti-virus software, as it does not intend to “damage” your device beyond consuming its local resources. Toward the end of 2017, when the value of cryptocurrency was at its peak, about 8 million coin-mining events were blocked by NortonLifeLock in December alone. Because cryptojacking can yield lucrative results, coin-mining activity increased by 34,000 percent over the course of the year. For those not familiar with this fairly new terminology, cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money.
Cloud providers are building this kind of visibility into their services, sometimes as add-ons. Software composition analysis (SCA) tools provide better visibility into what components are being used within software, to prevent supply chain attacks that leverage coin mining scripts. As cryptojacking has evolved into a multi-vector attack that spans endpoint, server, and cloud resources, preventing it takes an orchestrated and well-rounded defense strategy.
In February 2018, a researcher found malicious cryptojacking code on the Los Angeles Times website. Smartphones, tablets, routers and poorly secured IoT devices can also be infected. A number of apps have also been found to secretly mine cryptocurrency on unwitting users’ devices. Cryptojacking, by contrast, doesn’t command quite as many headlines, in large part because many people don’t even notice that it’s happening. Essentially, cryptojacking maliciously uses someone’s computer or network of computers to stealthily mine cryptocurrency, earning the attackers money by using resources that they’re not paying for.