Cryptojacking - How does it work?

Written by Ayush Panara

Cryptojacking

With the growth of technology, the Internet has become a basic requirement. But this technology brings many hazards with it every day in the emerging online world. Cryptojacking (or cryptocurrency hijacking) is a cyber-attack that uses the victim's CPU power to mine cryptocurrency on behalf of the hacker. Popular websites with high user traffic are possible targets for cryptojacking.[1] According to a recent study, hackers run their scripts whenever ads are played on such websites. Cryptojacking can affect a personal computer system and its CPU usage.[2]

One of the main reasons this technique is a potential threat is that hackers can use your computer system without you knowing about it. According to AdGuard, an internet advertisement-blocking company, there was an approximate growth of 31% in in-browser cryptojacking attacks. The report further mentions that 33000 cryptomining scripts were running in such in-browser ads.[3]

Background

Cryptojacking is closely related to the following terms:

Mining

Mining validates online transactions made in cyber networks. It involves a complex mathematical problem and requires huge computational resources to process and solve a block that stores the transaction data, using a hash value. Mining has 2 main tasks:

  • Add new transactions to the blockchain.
  • Release new currency for transactions.

Cloud Computing

Cloud computing is an IT service based on “pay for what you use”. It delivers servers, storage, databases, networking, software, analytics, and intelligence over the Internet (“the cloud”). People can select the particular services they want and pay accordingly. This lets a business manage its resources in a faster and more flexible way.

Cryptocurrency

Cryptocurrency is a virtual currency which, unlike centralized banking systems, is decentralized in nature and has thus emerged as a secure way to handle online transactions, control units, and transaction assets. It uses strong cryptography and is based on blockchain, which makes it more reliable. Bitcoin is an example of a cryptocurrency. Perhaps one of the most appealing and disruptive aspects of cryptocurrencies is that, through a peer-to-peer network of computers, the legitimacy of a transaction is monitored by common people.

Theory

The basis for the rise of cryptojacking is cryptocurrency and mining. Online transactions that use cryptocurrency for exchange are validated by people known as miners. Mining is thus the validation of cryptocurrency transactions. It involves computing hashes and requires computational power. On successful validation of an online transaction, miners get a reward (money), which is paid in cryptocurrency.

Online transactions that use cryptocurrency are validated through the blockchain. A blockchain, as the name suggests, is a list of records known as blocks, and these blocks are connected as a chain. Each block comprises transaction data, the hash of that block and the hash of the previous block. The hash validates the transaction or, to be precise, validates that particular block of transactions.[4] The reward is based on an "all or nothing" system: the first one to calculate a right hash for the block wins the reward and the others get nothing. The hash calculation involves lots of trial and error. The more hashes you calculate, the better your chance of winning a reward. But calculating each hash requires computational power, so calculating more hashes per unit time requires high computational power.[5] This can be provided by a high-performance GPU and CPU. The other way to achieve it is for many people to share the computational power of their computers to solve a particular hash, which leads to a high chance of getting a reward, which is then equally divided. This arrangement, with its equal division of the reward, is called a mining pool and is one of the techniques most used by groups of miners in recent times.[6]

There are two main schemes used in mining: PoW and PoS. PoW stands for Proof of Work. In this scheme, the miners compete with each other to calculate the hash value, and the one who gets it fastest receives the reward. But, as all are working on the same block, resources are wasted. The concept of proof of work existed even before the development of Bitcoin. It was brought into the digital transactions ecosystem by Satoshi Nakamoto. A comparatively newer scheme, known as PoS (Proof of Stake), is more used nowadays. In this technique, validators are selected randomly and then validate the transaction, and there is no competition to find the hash. On a successful transaction, miners are paid according to their deposits.[7] Further, a blockchain has a low production rate because high resources are required to add new blocks to the chain. Thus, the hacker tries to mine as much as possible in order to get higher monetary benefits, and cryptojacking is becoming a tempting opportunity for those seeking profits in unethical ways.
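The trial-and-error hash search and the block linking described above, as an added example (not code from the original article). It also verifies the chain after a block is altered; the block layout, the JSON encoding, the difficulty value and the transactions are simplifying assumptions, not Bitcoin's real format.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block."""
    encoded = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()

def mine(transactions, prev_hash, difficulty_bits):
    """Try nonces until the hash falls below the target.
    Returns (block, hash, attempts); each extra bit doubles the expected work."""
    target = 1 << (256 - difficulty_bits)
    nonce = 0
    while True:
        block = {"transactions": transactions, "prev_hash": prev_hash, "nonce": nonce}
        digest = block_hash(block)
        if int(digest, 16) < target:
            return block, digest, nonce + 1
        nonce += 1

def verify_chain(chain, difficulty_bits):
    """Check every block's proof of work and its link to the previous block."""
    target = 1 << (256 - difficulty_bits)
    prev = "0" * 64                      # assumed placeholder for the first block
    for block in chain:
        if block["prev_hash"] != prev:
            return False
        prev = block_hash(block)
        if int(prev, 16) >= target:
            return False
    return True

if __name__ == "__main__":
    chain, prev = [], "0" * 64
    for txs in (["alice->bob:5"], ["bob->carol:2"]):   # constructed transactions
        block, prev, attempts = mine(txs, prev, difficulty_bits=12)
        chain.append(block)
        print(f"{prev[:16]}... found after {attempts} attempts")
    print("chain valid:", verify_chain(chain, 12))
    chain[0]["transactions"] = ["alice->mallory:5"]    # alter an old block
    print("valid after tampering:", verify_chain(chain, 12))
```

Verification costs one hash per block while mining costs thousands of attempts, which is why the search is the expensive part that cryptojackers push onto other people's machines.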

 

Mining

Through Phishing Mails

Mails are sent to the victim's mail ID with appealing content and a link or attachment at the end. Once the victim clicks the link or downloads the file, cryptomining code is loaded on their PC or laptop.[8]

Through Applications

An application installed on your laptop or mobile that has mining code embedded in its source code will automatically start mining cryptocurrency once installed.[9]

Through Browser

In this technique, the cryptojacking mining code runs in the browser with the help of JavaScript. Once some vulnerable web content (i.e. a website, online page, etc.) is loaded, the code is executed in the background without the visitors' knowledge.[10] Another tactic seen very often is websites showing ads which, when clicked, redirect the user to a webpage that is mining cryptocurrency.

 

Detection

If the task manager of a user's operating system shows CPU usage staying at nearly 100% and the user experiences lag in execution, there is a high probability that the PC or laptop is being used to mine cryptocurrency. Chrome's task manager shows tab-wise CPU usage; observing it helps detect whether a particular website is mining cryptocurrency using your resources.[3]
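The same check can be automated over recorded per-tab CPU readings. The following is an added example (not from the original article) that separates a short, legitimate burst from load that stays near 100%; the log format, tab names, threshold and sample values are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed sample format: "<HH:MM:SS> tab=<name> cpu=<percent>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) tab=(\S+) cpu=(\d+(?:\.\d+)?)$")

def parse_samples(lines):
    """Yield (time, tab, cpu) tuples, skipping lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), float(m.group(3))

def sustained_high_cpu(lines, threshold=90.0, min_consecutive=4):
    """Return {tab: longest run} for tabs that stayed at or above
    threshold for at least min_consecutive consecutive samples."""
    run = defaultdict(int)
    longest = defaultdict(int)
    for _, tab, cpu in sorted(parse_samples(lines)):   # order by time
        if cpu >= threshold:
            run[tab] += 1
            longest[tab] = max(longest[tab], run[tab])
        else:
            run[tab] = 0                               # a dip resets the run
    return {tab: n for tab, n in longest.items() if n >= min_consecutive}

def build_sample_log():
    """Constructed data: a video tab with one short burst and a news tab
    pinned near 100% for the whole observation window."""
    video = [35, 96, 97, 40, 38, 36]
    news = [97, 98, 99, 97, 98, 99]
    lines = []
    for i, (v, n) in enumerate(zip(video, news)):
        stamp = f"10:00:{i * 5:02d}"
        lines.append(f"{stamp} tab=video.example cpu={v}")
        lines.append(f"{stamp} tab=news.example cpu={n}")
    return lines

if __name__ == "__main__":
    for tab, n in sustained_high_cpu(build_sample_log()).items():
        print(f"{tab}: {n} consecutive samples at or above 90% CPU")
```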

 

Current Scenario

In End Point Devices

Endpoint devices such as laptops, personal computers, etc. play a major role in cryptojacking. The first targets of the miners are people who are unaware of the need to use proper antivirus on their devices. Such a device is then targeted using browser mining, with a script mostly written in JavaScript, which pushes CPU utilization to its peak and decreases the productivity of the machine. Going one step further, miners have become smart and have started placing their malicious scripts into official apps available on the Play Store, bypassing all the security tests of such a secure server.[9]

In System Servers and Network

Miners search for a powerful resource that may be 100 times more powerful than regular machines, and this is where data centers and big enterprises come into the picture. Such machines, which are always a key resource for the company's productivity, are then used as a mining tool by the miners. Such attacks are really difficult to detect, but because enterprises depend on these resources for their productivity and an attack might lead to a failure of the system's performance, firms have come up with different measures that help decrease the impact of such attacks.[11]

In Cloud Computing

Cloud computing is a vast field; it not only serves as a better companion but also takes really good care of our data. With the increase in the use of cloud computing, its security is at stake. According to Dark Reading, “25% of businesses are targeted with cryptojacking in the cloud, which was 8% last year.”[12] Companies like Tesla have faced such problems; Tesla was a victim of cryptojacking through a loophole caused by poor configuration. Cryptojackers are always in search of such loopholes, which help them use the firm's CPU cycles.

 

Impact

Brand Deterioration

Whenever a website is targeted by such attacks, the integrity of that particular firm is at stake. A recent study found that most of the victims infected by cryptojacking were well-known firms, which degrades the confidence level of the owners. An attack on such a well-known firm also decreases the confidence that customers place in it: people are scared to use its resources because they might infect their own systems. Apart from damaging the brand and losing customers, the attack opens a gateway for hackers, who are much more harmful to the firm than miners.

Increase in Electricity Consumption

As mining requires a high amount of resources, it in turn increases electricity consumption. And because cryptojacking can affect a large number of devices, batteries drain faster and more electricity is consumed. If a machine runs continuously for 24 straight hours, it consumes 1.212 kWh, which roughly costs around $6 in the United States and $13 in Germany per month. These costs, when multiplied by the number of machines in data centers, turn out to be quite a big number that certainly affects the budget of the firm.[13]

Ethics

Mining cryptocurrency without the user's permission is unethical as well as illegal. But there is a debate about whether it should be considered ethical, the reason being that unused power can also be used for good, similar to what UNICEF has done. UNICEF's campaign to use resources for good started collecting funds for Syrian refugees in February 2018. In this campaign, they asked users for permission to access their machines' processing power to mine Ethereum (ETH).[14]

Remedies

As cryptojacking scripts are often delivered through web ads, and the majority of advertisement blockers have added functionality to block well-known crypto-malware scripts to prevent mass abuse, installing an advertisement blocker in the browser helps reduce the risk of becoming a victim of cryptojacking. Many antivirus products have also incorporated technology to detect and block cryptojacking in real time, so installing such antivirus software on endpoint devices helps protect your infrastructure from this type of attack.[3]

For firms, making their employees aware of cyber hygiene and deploying endpoint protection on their workstations (i.e. use of an enterprise-grade network firewall to ensure that all users of their network are protected from ever-evolving cryptojacking scripts) can prove to be an effective measure against cryptojacking. To protect high-traffic websites from such attacks, website owners should use web application firewalls and consult IT security professionals to find and remediate vulnerabilities present in their web applications.[15] Further, keeping track of the changes made to the backend scripts of websites helps in detecting any malicious changes.
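One way to track changes to a site's scripts is to hash them at a known-good deployment and compare later snapshots against that baseline. This is an added example, not part of the original article; the file patterns, directory layout and the injected placeholder URL are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root, patterns=("*.js", "*.php", "*.html")):
    """Map each matching file (path relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for pattern in patterns:
        for path in root.rglob(pattern):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare(baseline, current):
    """Report files added, removed or modified since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:          # constructed site tree
        site = Path(tmp)
        (site / "js").mkdir()
        (site / "js" / "app.js").write_text("console.log('shop');\n")
        (site / "index.html").write_text("<script src='js/app.js'></script>\n")
        baseline = snapshot(site)                       # known-good deployment

        # Simulated unauthorized edit: an extra script tag (placeholder URL)
        with (site / "index.html").open("a") as fh:
            fh.write("<script src='https://cdn.example.invalid/x.js'></script>\n")
        (site / "js" / "stats.js").write_text("/* unexpected new file */\n")

        report = compare(baseline, snapshot(site))
        for kind, paths in report.items():
            print(f"{kind}: {paths}")
```

Keep the baseline somewhere the web server cannot write to, otherwise whoever alters the scripts can update the baseline along with them.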

Thus, miners generally try to evade the detection capabilities of antivirus, endpoint protection, and firewall solutions, but with the new collaborative approach by the firms, the IT security, and the employees, devices can be saved from a cryptojacking attack.

 

References

  1. Partz, Helen (2018-05-08). "Coinhive Code Found On 300+ Websites Worldwide In Recent Cryptojacking Campaign". Cointelegraph. Retrieved 2019-09-01.
  2. "Cryptojacking is when someone illegally uses your PC to make digital money + 8 facts". Quick Heal Blog | Latest computer security news, tips, and advice. 2018-06-20. Retrieved 2019-09-01.
  3. Nadeau, Michael (2019-08-02). "What is cryptojacking? How to prevent, detect, and recover from it". CSO Online. Retrieved 2019-09-01.
  4. "The great chain of being sure about things". The Economist. 2015-10-31. ISSN 0013-0613. Retrieved 2019-09-01.
  5. Kelly-Detwiler, Peter. "Mining Bitcoins Is A Surprisingly Energy-Intensive Endeavor". Forbes. Retrieved 2019-09-01.
  6. coindesk. "What is a Bitcoin Mining Pool?". CoinDesk. Retrieved 2019-09-01.
  7. "Proof of Work vs Proof of Stake: Basic Mining Guide". Blockgeeks. 2017-03-15. Retrieved 2019-09-01.
  8. "What is cryptojacking? How it works and how to prevent it". us.norton.com. Retrieved 2019-09-01.
  9. "Hackers move to mobile as cryptojacking threat evolves". Wandera. Retrieved 2019-09-01.
  10. "Cryptojacking - Cryptomining in the browser". www.enisa.europa.eu. Retrieved 2019-09-01.
  11. Osborne, Charlie. "Cryptojacking attacks surge against enterprise cloud environments". ZDNet. Retrieved 2019-09-01.
  12. "25% of Businesses Targeted with Cryptojacking in the Cloud". Dark Reading. Retrieved 2019-09-01.
  13. "Cost Of Electricity By Country". WorldAtlas. Retrieved 2019-09-01.
  14. Asgardia.space (2018-10-22). "Using Crypto for Charity? UNICEF Proves That It Works". Medium. Retrieved 2019-09-01.
  15. Chelmo, Brook (2018-11-30). "3 Ways to Prevent Cryptominers from Stealing Your Processing Power". SonicWall. Retrieved 2019-09-01.