As one of the latest cyber dangers facing the business world, a crypto-jacking risks and cyber attack can interrupt business, cause reputational damage and may even lead to data loss, legal claims or regulatory fines. Technology companies are at a greater risk, but any company with a website is vulnerable. Here’s what to know about crypto-jacking to protect your business:
What Is Crypto-Jacking?
Crypto-jacking, also known as “coinjacking” or “drive-by mining,” is a subtle type of cyber attack that is related to cryptocurrency technology and can affect any business with computers connected to the internet. While crypto-jacking has been around for nearly a decade, it has become a greater risk for businesses over the last several years.
To understand crypto-jacking, it’s helpful to understand how cryptocurrency technology works, since the two are interrelated. Cryptocurrencies like Bitcoin work by issuing new digital “coins” which users can trade and exchange online. Just as a government might issue new currency by minting physical coins, the cryptocurrency markets create new digital “coins” via “crypto-mining.” In crypto-mining, vast networks of computers work together to solve highly complex math problems. Mining exists to verify transactions and ensure the security of the technology. The first individual crypto-mining computer to complete the solution to one of these math problems is rewarded with a small amount of cryptocurrency. However, the computer resources required to earn the reward are enormous, and therein lies the interest for hackers.
How Does Crypto-Jacking Work?
Rather than setting up the complex computer rigs needed for legal crypto-mining, hackers use crypto-jacking to hijack another person’s computer to perform the necessary calculations to mine cryptocurrency for them. Crypto-jacking either targets web browsers or involves downloading specific malware.
With browser crypto-jacking, a hacker uses a website to execute a piece of crypto-mining code. The code uses the computer processing unit (CPU) of any user who visits the webpage to mine cryptocurrency for as long as the webpage is opened. The code can be incorporated into a webpage via a banner ad or pop-up, or by installing crypto-mining code on the site’s server. Not all such crypto-jacking is a hack by an unknown third-party attacker. Some websites intentionally use this method to monetize their own web platforms. However, it’s a legally and ethically dubious practice, since the web user hasn’t consented and may suffer computer performance issues.
Browser-based crypto-jacking risks scripts run on many popular websites, and your employees may see their computer performance degrade if they visit these websites. However, the bigger crypto-jacking threat to businesses comes from download-based crypto-jacking. Here, a crypto-mining code is downloaded to your business’s website server or network systems without your knowledge or consent, usually through a phishing scam. The malware can then spread to infect other systems and tax your computer resources and impact your website’s performance.
Crypto-jacking is meant to run as a background process on a compromised computer, making use of a computer’s resources but not crippling it enough to draw attention to the malware. However, all crypto-jacking malware has a serious impact on computer performance. Plus, some coin-mining malware will trigger a ransomware attack or crash if you try to uninstall it. This can lead to business interruption and other serious damages and losses.
What Can I Do to Prevent Crypto-Jacking Risks?
Crypto-jacking is both stealthy and pervasive, infecting many sites and computers on the web. However, it is easy to protect your business from most serious attacks by following these tips:
Training—By educating the members of your organization about the risks of phishing scams and how to avoid them, you can greatly reduce the risk of someone downloading a piece of crypto-jacking code or other serious malware.
Ad-blocking—The use of ad-blocking browser extensions can keep your company’s computer resources from being overtaxed should users visit a site with crypto-jacking ads, while anti-crypto-jacking browser extensions can help with other types of browser mining exploits.
Security software—Many antivirus and endpoint protection software solutions now offer protection from crypto-jacking. These tools can protect network systems and webservers as well as browser systems.
Web-filtering—Another tactic against crypto-jacking is the use of web-filtering tools that block websites known for crypto-jacking or malicious software downloads.
How Do I Manage Crypto-Jacking Risks?
Since crypto-jacking attacks can go unnoticed, the risk to businesses is often underestimated. But crypto-jacking has the potential to cause serious damage to your business, particularly if a ransomware or scorched-earth cyber attack is triggered by trying to remove the malware. Without protection, your business could face lost data and sales, as well as claims from customers or regulatory fines. With the increasing costs of a cyber attack, it’s more important than ever to ensure you have the cyber liability coverage your business needs.
CyberLock Defense Insurance is a one-of-a kind cyber liability policy that offers comprehensive coverage at rates more affordable and more accessible than any other cyber liability policy available. Coverage can help cover costs related to crypto-jacking and other kinds of cyber attacks, including privacy breach notification expenses, litigation, loss of income and regulatory fines and penalties.