What is Cryptojacking?
The rapidly developing ecosystem of the digital world has led to the emergence of new threats along with the opportunities offered by technology. Among these threats, cryptojacking stands out as a complex and sophisticated attack method that jeopardizes users' crypto assets and privacy. Cryptojacking has pushed the boundaries of traditional cyber attacks and added a new dimension to malicious actors' strategies for making profits in the digital environment.
Cryptojacking is a type of cyber attack that mines crypto assets by seizing the processing power and resources of computers without users' knowledge or permission. Cryptojacking can target individuals, large organizations, and even industrial control systems. The victims' computers or hardware are used to mine, or to perform the calculations needed to update the blockchains of crypto assets. This creates new assets and generates fees in the process. These newly created assets and fees are deposited into crypto asset wallets owned by the malicious person, that is, the cyber criminal. Mining costs are borne by the victim.
What are the Types of Cryptojacking?
There are multiple ways that cryptojackers maliciously mine cryptocurrencies. These ways are as follows:
1. File-Based Cryptojacking
-File-based cryptojacking involves malware downloaded to run an executable file. This file propagates a crypto mining script throughout the IT infrastructure. One of the most common ways to achieve this is through malicious emails.
An email is sent with a legitimate-looking attachment or link. When a user clicks on this attachment or link, code runs and installs the crypto mining script on the computer. The script runs in the background without the user's knowledge.
2. Browser-Based Cryptojacking
-Cryptojacking can occur directly in a web browser. In this type of attack, IT infrastructure is used to mine cryptocurrency.
Hackers use a programming language to create a crypto mining script and then embed it on multiple websites. These malicious scripts can be embedded in ads or in vulnerable and outdated WordPress plugins. The script can run automatically and download the code to the users' computers.
3. Cloud Cryptojacking
-In cloud cryptojacking, hackers search a business's files and code for API keys to access cloud services. They then use unlimited CPU resources for crypto mining, resulting in a huge increase in costs.
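For the browser-based type above, a site owner can check the pages they serve for embedded mining scripts. The following is an added example, not code from the original page; the indicator strings (based on Coinhive, the miner named later on this page) and the sample page with its miner.example host are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed, illustrative indicators (lowercase); extend from a maintained
# blocklist in practice. Coinhive is the miner named on this page.
MINER_INDICATORS = ("coinhive.min.js", "coinhive.anonymous", "coinhive.user")

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []          # list of (kind, text)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.scripts.append(("src", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.scripts.append(("inline", data.strip()))

def find_miner_scripts(html):
    """Return (kind, indicator, snippet) for each script matching an indicator."""
    collector = ScriptCollector()
    collector.feed(html)
    hits = []
    for kind, text in collector.scripts:
        lowered = text.lower()
        for indicator in MINER_INDICATORS:
            if indicator in lowered:
                hits.append((kind, indicator, text[:60]))
    return hits

# Constructed sample page: an ad slot that loads a miner next to a normal script.
SAMPLE_PAGE = """
<html><body>
<script src="/static/app.js"></script>
<div class="ad"><script src="https://miner.example/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script></div>
</body></html>
"""
```

Calling `find_miner_scripts(SAMPLE_PAGE)` reports the external miner library and the inline start-up call, while the ordinary `/static/app.js` script is ignored.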
How Does Cryptojacking Work?
Cryptojacking can be thought of as a parasite that secretly and insidiously drains the energy of a piece of hardware or a device. Cryptojacking can stay hidden while slowing down users' devices or hardware, increasing energy consumption, and even damaging devices.
Malicious actors infect users' devices with cryptojacking software to mine crypto assets or to steal crypto assets from the victims' crypto wallets. The attack proceeds in the following steps:
1. Compromising an asset to embed a crypto mining script: Cryptojackers compromise an asset by embedding crypto mining code.
2. Executing the crypto mining script: Once in place, crypto thieves wait for victims to execute the script. If users click on an attachment or link or browse a website with infected ads, the crypto mining script is executed.
3. Crypto mining starts: The crypto mining script runs in the background after execution without the user's knowledge.
4. Solving algorithms: The crypto mining script uses computer power to solve complex algorithms to mine a block. These blocks are added to a blockchain that stores cryptocurrency information.
5. Receiving a cryptocurrency reward: Every time a new block is added to the chain, hackers receive cryptocurrency coins as a reward without the need for much work or risk. Cryptojackers earn rewards directly in cryptocurrency, which is easy to add anonymously to their digital wallet.
How to Detect Cryptojacking?
Considering the widespread and evolving nature of cryptojacking attacks, it is of great importance to detect and stop illegal mining activities from maliciously using the computing resources of any computing platform without users' knowledge or consent.
Because cryptojacking is not much different from traditional malware, users should be alert and can catch the attack by watching for some possible signs.
*A cryptojacking attack can cause computing devices to overheat due to resource requirements, which can shorten the life of computers or damage them. Computer overheating may be a sign that there is a problem with your device.
*Poor device performance or frequently crashing apps may indicate a cryptojacking attack.
*Cryptojacking scripts increase CPU usage when a user navigates a website. Therefore, users can check the CPU usage using Task Manager to find out if illegal activities are taking place on their device.
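The CPU check described above can be automated by separating sustained load from short spikes such as a page load. This is an added example, not from the original page; the samples, the process names, and the 80% / 60-second thresholds are constructed assumptions.

```python
from collections import defaultdict

def sustained_high_cpu(samples, threshold=80.0, min_seconds=60):
    """Return {process: longest continuous seconds at or above threshold}
    for processes whose longest such run lasted at least min_seconds."""
    by_proc = defaultdict(list)
    for ts, name, cpu in samples:
        by_proc[name].append((ts, cpu))

    flagged = {}
    for name, readings in by_proc.items():
        readings.sort()            # order each process's readings by time
        longest = 0
        run_start = None           # timestamp where the current high run began
        for ts, cpu in readings:
            if cpu >= threshold:
                if run_start is None:
                    run_start = ts
                longest = max(longest, ts - run_start)
            else:
                run_start = None   # run broken by a reading below threshold
        if longest >= min_seconds:
            flagged[name] = longest
    return flagged

# Constructed samples: (seconds since start, process name, CPU percent),
# one reading every 15 seconds. Process names are hypothetical.
SAMPLES = [
    # Brief spike while a page loads: should not be flagged.
    (0, "browser", 12.0), (15, "browser", 95.0),
    (30, "browser", 18.0), (45, "browser", 10.0),
    # Background process pinned near 100% for over a minute: flagged.
    (0, "svc_helper", 5.0), (15, "svc_helper", 91.0),
    (30, "svc_helper", 93.0), (45, "svc_helper", 90.0),
    (60, "svc_helper", 94.0), (75, "svc_helper", 92.0),
    (90, "svc_helper", 96.0),
]

if __name__ == "__main__":
    for proc, seconds in sustained_high_cpu(SAMPLES).items():
        print(f"{proc}: at or above threshold for {seconds} s")
```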
Cryptojacking History
Cryptojacking first attracted attention during the rise of Bitcoin in September 2017. Coinhive published code on its website that was intended to be a mining tool for website owners to passively earn money, as an alternative to website advertising. However, cybercriminals misused it to plant their own crypto mining scripts. The computing resources of website visitors were used to mine Monero (a cryptocurrency).
How to Protect from Cryptojacking Attack?
It is of great importance to be aware of this new-generation threat, take security measures, and ensure that users are safe in the digital world. The following basic steps help protect against cryptojacking attacks:
-To be protected from viruses and malware, security software must be installed and kept constantly updated.
-Users should use ad blockers in their browsers.
-Websites that are known or reputed to run cryptojacking scripts should be avoided.
-Users should disable JavaScript in their browser.
Why Is Cryptojacking a Concern?
-Crypto theft may seem like a harmless crime, since the only thing stolen is the power of the target person's computer. However, the use of computing power for this criminal purpose is done without the knowledge or consent of the victim, for the benefit of the criminal who illegally creates money. Cybercriminals see this as a lucrative avenue, as a large number of infected devices generate large amounts of cryptocurrency.
The primary impact of crypto theft is performance-related, but since cryptocurrency mining uses high levels of electricity and computing power, it can increase costs for affected individuals and businesses.
APPLICATIONS USED TO AVOID CRYPTOJACKING
BERQNET FIREWALL INSTALLATION:
Although the ADSL line is connected to the modem, the best connection method is for the connection to be actively managed by the Berqnet device. To do this, put the modem to which the ADSL line is connected into bridge mode: the INTERNET light should be passive, and the DSL light should be active and steady.
Connect from any of the LAN ports on the modem to port 0 on your Berqnet Firewall device.
Make local area network (LAN) connections with port number 1 on your Berqnet device. Switches are generally used on the local area network side.
A computer with a connection to the local network automatically receives an IP. By default, DHCP service is active on Berqnet for port number 1 and the interface login IP address is 192.168.12.1.
On a computer connected to the local network on port 1, enter https://192.168.12.1 from any internet browser. Allow the certificate warning that appears on the screen and continue.
Log in to Berqnet administration panel with the default username and password.
Default username: berqNET
Default password: berqNET
You will see the Interface Settings page on the screen. Mark ADDRESS TYPE as PPPoE. Enter the ADSL username and password information. Check the Define as WAN option.
If a device other than Berqnet will actively control the Internet connection, Static should be selected instead of PPPoE as the Address Type. On the next screen, enter the IP address given for your Berqnet device (e.g. 192.168.1.2). The modem's interface IP address (e.g. 192.168.1.1) must be entered as the gateway.
Go into Interface Settings to see if the settings have been applied correctly. Verify the accuracy of the IP information by clicking Refresh. If IP information does not appear in this field, check the bridge settings of the modem again. Save the changes made by clicking Apply in the upper right corner. After these steps are completed, confirm that the internet is accessed via Berqnet by pinging any internet address from the Network Analysis screen in the management panel.
After internet access is provided, the device must be registered to Berqnet Portal in order for the configuration to continue. For portal registration, visit the following address