Have you ever heard of cryptojacking? Maybe not, because it is a relatively new type of cyberthreat that many entrepreneurs and small business owners are still unaware of. However, with over 3 million cryptojacking attacks detected between January and May 2018, it could pose a significant threat to your livelihood and business’s reputation. That is no reason to panic though. This article explains exactly what you need to know about cryptojacking, cryptocurrency, and how it directly impacts website security. You’ll also learn three simple best practices to protect your website and your reputation.
What is Cryptojacking?
Before you can understand cryptojacking, it’s important to understand what cryptocurrency is. Cryptocurrency is an anonymous, decentralized form of currency created by “mining” with computing resources. Cryptocurrency has gained popularity all around the world, with retailers as large as Microsoft and Newegg accepting it as a form of payment. However, its anonymous nature and the fact that it can be passively “created” using nothing more than a powerful computer have quickly made it a favorite for cybercriminals. While the most recognizable cryptocurrency is Bitcoin, there are other cryptocurrencies on the market, including Monero and Ethereum.
Cryptojacking is the malicious, unauthorized use of cryptocurrency mining scripts, or software designed to create cryptocurrency, on websites. These scripts harness website visitors’ computer resources to create cryptocurrency, typically Monero. It is currently estimated that approximately 5 percent of all Monero coins in circulation were mined using malware. In Q1 2018, SiteLock reported that 1 percent of malicious files cleaned were being used to mine cryptocurrencies. While there are legitimate uses for cryptocurrency mining scripts, such as allowing news sites to mine for cryptocurrency in lieu of serving ads, they are more commonly used for malicious purposes due to the high return for relatively low effort.
Cryptojacking occurs when cybercriminals inject mining scripts into a website without permission, usually through a website vulnerability. These scripts are then used to hijack website visitors’ computer resources to mine for cryptocurrency. Unlike more traditional website attacks such as defacements and phishing, cryptojacking attacks are often symptomless for the website owner. Instead, the symptoms affect website visitors in the following ways:
- Applications on their computers suddenly crash or close
- Laptops may overheat
In rare instances, the victimized website may experience slow load times, but this is more frequently a symptom of a misconfiguration or improper website optimization.
Another unique feature of cryptojacking attacks is that they tend to increase and decrease in frequency, mirroring the fluctuations in cryptocurrency values. When values increase, the profitability of cryptojacking attacks also increases, and so does the volume of attacks.
Protecting Your Most Important Asset
Your website is likely your virtual business card and an important first impression with potential customers and clients. The average website is the target of 50 cyberattacks per day, making protection all about prevention. Entrepreneurs often rely on their website as their business card and portfolio; it is the first impression potential customers and clients get. Because cryptojacking attacks are symptomless and target visitors, preventing them is critical to protecting business and website reputations. Potential customers facing slowed computers and crashed applications are not likely to trust your services or stay on your website if it’s infected.
Prevention can be easy and accessible, such as:
- Daily malware scans and automatic malware removal to mitigate problems as soon as they begin
- Vulnerability scans and automated security patching. This will help to plug leaks in your website code before they can be exploited by cybercriminals
- Using a web application firewall (WAF) to filter malicious and suspicious traffic. Automatic vulnerability scanners and bots used by attackers can lead to compromises. Using a WAF stops that threat before it reaches your site.
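To illustrate what a malware scan for injected mining scripts can check, here is an added Python example (not code from this article or from any scanning product) that audits a page's script tags against an owner-approved host list and a few generic mining-related strings. The approved hosts, the hint strings, and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: script hosts the site owner has approved (constructed values).
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdn.example.com"}
# Assumption: generic strings often seen in browser-mining code; tune per site.
MINER_HINTS = ("cryptonight", "stratum+tcp", "hashespersecond")

class ScriptAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings = page_host, []
        self._inline = None  # list of text chunks while inside an inline script

    def _check_hints(self, text, where):
        if any(hint in text.lower() for hint in MINER_HINTS):
            self.findings.append(("miner-hint", where))

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            self._inline = []  # inline script: buffer its body for inspection
            return
        host = urlparse(src).hostname or self.page_host  # relative URL: own host
        if host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append(("unapproved-host", src))
        self._check_hints(src, src)

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self._check_hints("".join(self._inline), "inline script")
            self._inline = None

def audit_page(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    return parser.findings  # list of (kind, location) tuples, in page order

# Constructed sample: two approved scripts, one unexpected external, one inline.
SAMPLE_HTML = """<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://static.unknown-host.example/m.js"></script>
<script>var m = startWorker('SITE_KEY'); // loads cryptonight wasm</script>"""
```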
It is also worth keeping an eye on cryptocurrency activity, such as sudden spikes or drops in value. Keep in mind that, like the stock market, cryptocurrency value is a marathon and not a sprint. At the moment, cryptocurrency is experiencing a market decline, so sudden changes in value are not a reason to panic and change your policies midstream. To be specific, cryptocurrency dropped 80 percent over 2018. That said, it’s best to keep cryptojacking in mind and implement a proactive and holistic approach to protecting your website from all forms of malware, including cryptojacking.