Industry Insights
Words of wisdom from our business insurance experts.
Cryptojacking: what is it, how does it work, and ways to defend it.
What is cryptojacking?
Cryptojacking is essentially the secret use of someone else's computer to mine cryptocurrencies - not specifically chosen by you or with your approval. This contrasts with many other forms of cloud-based cyberattacks, such as DDoS, where users are at least aware of what is happening to their device.
Some crytojacking is done by hacking into a computer, either remotely or by gaining access to someone's login information (for example, through malware).
The cryptocurrency mining is so computationally intensive that you can find your computer running slower, fan going faster and battery draining faster than usual. It can be a bizarre situation to be in if you don't know it's going on.
How does cryptojacking work?
Attacks can happen in various ways. It usually goes like this: you go to a normal website and scroll around as usual. But in the background, your computer is used without your knowledge, for mining cryptocoins, and possibly even using other people's computers too.
The most common way is via malware on a computer, however, it is possible via a smartphone or tablet. This usually happens when an email or text is received with a malicious link. A user clicks the links and a code is loaded directly onto their computer, often without the user knowing. Once the computer is infected, the "cryptojacker" goes to work and steals or mines the crypto while staying hidden in the background.
Another way cryptojacking occurs is called "drive-by cryptomining", a scheme that involves embedding Javascript code into a website. When a user visits the site with the script, the mining occurs on the corresponding users computer without the user knowing. Eventually their computer begins to run slower, or their battery drains faster, causing the user to investigate the problem.
Some crytojacking attacks will also install ransomware, which encrypts files and data so you cannot access it until the crypto ransom is paid.
The crytojacking attack completes in anywhere between 5 minutes to an hour, with the average crytojacking attack taking around 20 minutes. The crytojacking software typically uses the central processor (CPU) on your computer, and sometimes also uses the graphical processing unit (GPU) for faster processing of crytojacking tasks.
One well-publicised crytojacking attack involved a crytpo mining virus called 'Coinhive' being installed on to the computer of an unsuspecting user. For around 20 minutes, this crytpo mining software used the processing power of that person's device to mine crytocurrencies and pay them to the attacker (who created and installed that cryptojacking virus).
The crytojacking software typically uses the central processor (CPU) on your computer, and sometimes also uses the graphical processing unit (GPU) for faster processing of crytojacking tasks. It can hack your computer until it is turned off or until you close the website that is infected with crytojacking malware.
How to protect your business from cryptojacking?
There are a few ways to protect your business from cryptojacking. Software and cyber security measure will defend an attack in the moment, and an insurance policy will support the business if sytems are breached.
Anti-Virus Software:
Some crytojacking malware can be removed by using anti-virus software (though this will not always work), while crytojacking malware that makes its way to the root of a computer or device cannot.
Some crytojacking malware can be removed by using anti-virus software (though this will not always work), while crytojacking malware that makes its way to the root of a computer or device cannot.
Cyber Security Expert / Employee:
One of the best way to prevent a cryptohacking event is to hire an expert. The cyber security world is expanding and developing every day, so it's difficult to stay in front of everything unless you are doing it everyday. A full-time, dedicated cyber security manager is a smart investment if your business operates in the cyber world.
Cyber Liability & Data Breach Insurance:
Once a cyber attack occurs, it can be difficult to stop the attack. Further, the damage done from a cryptojacking attack can cost the business fortunes with direct losses and legal fees.
A cyber liability and data breach policy is your best tool to recoup the funds lost, among other things. Today, a lot of cyber insurance policies exclude cryptojacking, so it's vital you speak to a cyber insurance advisor to design a policy.
management specialist