Crypto
Even though cryptocurrency has its pricing ups and downs, it's still a prominent tool for attackers. Most people think that hackers look for opportunities to steal cryptocurrency, but attackers can obtain incredible payoffs by tricking users and businesses into mining cryptocurrency for them. In a successful cryptojacking attack, user and business devices silently run crypto-mining malware, and the mined cryptocurrency is sent to an attacker-controlled account.
Why Is Cryptojacking Profitable for Attackers?
Generating cryptocurrency is profitable if its value goes up. The downside is that it requires electricity to perform calculations to generate your chosen cryptocurrency. In many cases, the cost of electricity is more than the value of a generated coin. Most cryptocurrency miners are located in regions where the cost of electricity is low, but it's rare for electricity to be cheap enough for mining to stay profitable.
Crowdsourcing cryptocurrency mining is a legitimate business, but you must share profits with other miners. However, you can take all profits if you get numerous people to mine for you using their own electricity. In this scenario, you have no costs of doing business. You don't even have the cost of cloud-based mining resources and electricity to factor into your profits.
Using cryptojacking, an attacker leverages other devices to mine cryptocurrency silently. The device used could be a smartphone, tablet, server, or desktop. The more resources available to the machine, the more mining can be done. For example, cryptojackers target enterprise servers for their high-end hardware, fast processing, and extensive memory. Successful enterprise attacks can make attackers millions in profits.
How Does Cryptojacking Work?
One common benefit of cryptocurrency is that it's a decentralized digital asset. Your coins can be stored in a wallet, but the act of generating them is done by thousands of hosts located across the globe. This makes it easier for attackers to target victims because every device becomes a potential mining machine. Attackers must overcome a target's cybersecurity and defenses, but then it's only a matter of time. The longer the malware runs on the target device, the more digital profits an attacker can make.
A cryptojacking attack can be done in the form of malware installed on a target machine, or an attacker can trick a user into accessing a web page running crypto-mining scripts. Another option is to inject crypto-mining code into an open-source repository where several developers download and use the target code for their own projects. This last option is called a supply-chain attack, and it requires a takeover of the developer's code.
For individuals, a simple click of a URL in a malicious email message will suffice for cryptojacking, but it's not permanent. As soon as the user leaves the page, the mining software can no longer execute. A better attack is persuading users to install malware on their local devices. After the cryptojacking malware installs on a device, it uses as many resources as possible to mine cryptocurrency. More sophisticated malware will use only partial resources to avoid alerting the user that something is wrong with their device. Poorly written cryptojacking malware will crash the device, rendering it unusable. When the device crashes, it can no longer mine cryptocurrency, so malware authors build safeguards into their software to avoid this issue.
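An added example, not from the original article: a Python sketch of a host-side check for the behaviour described above. Because a throttled miner stays under a peak-CPU alarm, it flags processes whose load is sustained and steady instead; the process names, samples and thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed samples: per-process CPU % taken once a minute (not real telemetry).
SAMPLES = {
    "browser":     [5, 80, 12, 3, 65, 7, 2, 40, 9, 4, 55, 6],      # bursty, interactive
    "backup-job":  [0, 0, 95, 97, 96, 0, 0, 0, 0, 0, 0, 0],        # short scheduled spike
    "svc-updater": [98, 99, 97, 99, 98, 99, 98, 97, 99, 98, 99, 98],  # unthrottled miner profile
    "sys-helper":  [41, 39, 40, 42, 40, 38, 41, 40, 39, 41, 40, 42],  # throttled miner profile
}

def sustained_load(samples, floor=30.0, min_fraction=0.9, max_stdev=5.0):
    """Return True when CPU use stays above `floor` for almost the whole
    window and barely varies: constant compute rather than bursty
    interactive or scheduled work. Thresholds are assumptions for this example."""
    if len(samples) < 10:  # too short a window to call the load sustained
        return False
    above = sum(1 for s in samples if s >= floor) / len(samples)
    return above >= min_fraction and pstdev(samples) <= max_stdev

def triage(per_process):
    """Return {process name: load profile} for every flagged process."""
    flagged = {}
    for name, samples in per_process.items():
        if sustained_load(samples):
            # A miner using everything it can saturates the CPU; a
            # throttled one sits at a steady partial load.
            flagged[name] = "saturating" if mean(samples) >= 90 else "throttled"
    return flagged

if __name__ == "__main__":
    for name, kind in triage(SAMPLES).items():
        print(f"{name}: sustained {kind} CPU load, review this process")
```

A flag is a reason to check what the binary is and where it connects, not a verdict: legitimate long-running compute such as video encoding or software builds produces the same profile.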
Web-based cryptojacking malware is written in JavaScript because the attacker needs the malware to run on the user's local device. Servers are also targets, but attacking them involves more sophisticated malware that runs directly on the server and obtains access to the server's resources. It must also avoid enterprise antivirus software, which is much more difficult than bypassing individual user cybersecurity.