Today, cryptocurrencies are some of the most sought-after assets, driving many to seek ownership in various ways. While many opt to purchase these digital currencies from exchanges, an alternative is to engage in cryptocurrency mining. Cryptocurrency mining This mining involves solving complex computational puzzles, which necessitates substantial processing power. complex mathematical problems Consequently, a variety of browser plugins have been crafted to covertly tap into unused CPU capacity from unsuspecting users. This exploitative practice is termed as 'cryptojacking.'
Cyber Threats to UK Business
Given the escalating risk posed by cryptojacking, the U.K. National Cyber Security Centre has formally acknowledged cryptojacking within its array of cyber threats facing UK enterprises.
Per insights from NCSC, cryptojacking poses a noteworthy concern, demanding serious attention. The findings surmise that as the fascination with cryptocurrencies grows, so too will aggressive cryptojacking practices, spurred by individuals desperate to acquire digital currencies through any available means.
The report, which you can download here as a PDF , says this about Cryptojacking:
Deploying cryptocurrency miners via malware has been a tactic for a few years. However, in 2018-19, one of the primary threats might evolve into a newer approach exploiting webpage visitors for mining activities. Throughout 2017, incidents of cryptojacking—using someone's computer processing capabilities without their consent to mine cryptocurrencies—rose sharply. In December 2017, a survey by Check Point revealed that 55% of businesses worldwide were affected by such cryptominer activities.
High-traffic websites will likely remain vulnerable, unintentionally distributing cryptomining malware to unsuspecting visitors. Certain scripts, once executed in a browser, leverage the visiting device’s idle computational power to mine Monero, a digital currency. In February 2018 alone, over 4,000 sites globally—nearly 600 originating in the UK—were found secretly mining cryptocurrencies via a compromised accessibility plugin for blind users. Users might only notice cryptojacking due to minor performance dips in their devices. Utilizing ad blockers or antivirus programs (which can mitigate browser-based mining) is recommended to counter these threats.
While cybercriminals mainly orchestrate cryptojacking, some site operators have also targeted their own visitors, secretly harnessing their CPU strength for manual cryptocurrency mining, without any explicit consent. In February 2018, a US-based publication experimented by notifying readers that choosing to block ads would enable them to utilize the reader's CPU for mining Monero, supposedly to compensate for potential ad revenue losses post-ad blocking.
Cryptojacking Incidents Are on the Rise
As per the NCSC's data, around 55% of worldwide enterprises fell prey to crypto mining malware in December 2017. The privacy-centric cryptocurrency, Monero, was singled out as the prime target mined via cryptojacking, with the Coinhive plugin largely facilitating these operations.
Current trends suggest that cryptojacking occurrences aren't abating. The report highlighted that over 4,000 websites now host this insidious malware, initially intended as plugins for visually impaired individuals. This difficulty in detection contributes to the problem, with a noticeable performance dip as a potential clue that a device might be mining cryptocurrency in secret.
Different Forms of Cryptojacking
The report outlined two major cryptojacking types: one executed by cybercriminals and another by website admins. Certain web admins have reportedly equipped their sites with malware that commandeers visitors' computers to mine cryptocurrency, all without the visitors' explicit knowledge or permission.
Users are advised to install browser plugins that specifically block covert crypto mining to protect their computers against cryptojackers. Recently, in March, Microsoft Windows Antivirus effectively halted more than 400,000 cryptojacking malware attempts that occurred in less than a day.
Various browser platforms have developed plugins, add-ons, and extensions that guard against cryptojacking.
These include No Coin for Firefox and Chrome and minerBlock for Chrome. In January 2018, Opera announced planned anti-crypto mining features for its mobile browser.
