If you’ve been keeping up with cybersecurity news over the last few years, you’ve probably heard of numerous different cryptocurrencies, such as Bitcoin and Monero, and how people mine them. In fact, Bitcoin kiosks have been popping up around the world, allowing people to exchange Bitcoins for cash, similarly to how they’d withdraw money from their bank’s ATM. And if any of your clients have been hit with ransomware, the ransom demand probably involved a payment in cryptos of some kind. Cryptocurrency is a hot topic. And, as of last year, there’s a hot new way to generate it.
“What’s cryptojacking?”
Ever since CoinHive first debuted its mining JavaScript in the fall of 2017, a new phenomenon called “cryptojacking” has been gaining traction. Essentially, whenever a user visits a site that is running this script, that user’s CPU will mine cryptocurrency for whomever owns the site. Keep in mind: the users are the ones on the hook for CPU usage, which can make an impact on their electric bill. Although the billing impact, itself, might not be especially noticeable to the average user, the cryptocurrency adds up fast for the owners of websites that get a lot of traffic.
Additionally, there’s computer sluggishness and overheating to worry about. While a brand new computer might not slow down too much, an older computer with more limited system resources could grind to a halt if its CPU suddenly spiked up to 100%. And if a system repeatedly overheats, you’re talking physical damage.
At first, the folks at CoinHive claimed this was an alternative method for website owners to generate income without bombarding their site visitors with ads. And while that sounds really altruistic and beneficial, they later admitted to having “invented a whole new breed of malware,” per an article in the German newspaper Süddeutsche Zeitung.
“But criminals have always used vulnerable websites to host malware. This isn’t new.”
That’s half-true. The difference here is that cybercriminals can now inject legitimate sites that don’t belong to them with JavaScript to mine the Monero cryptocurrency, which is completely anonymous and gives the best bang for the buck on end user CPUs. It’s not actual malware being installed on a user’s machine, it’s not something your IT team can remove, and the compromised sites aren’t likely to be blocked by your average web filtering service, unless they already fall into a malicious, suspicious, or otherwise unwanted site category.
But if your clients’ end users start getting cryptojacked, you’re the one who’s going to have to deal with those calls. They’ll tell you their systems are slow, and may be overheating or using up tons of power. They’ll worry that it’s a computer virus and may even demand to know why the security software you provide “isn’t working.”
“So what should an MSP do to stop cryptojacking?”
Luckily, protecting your clients and their end users from cryptojacking doesn’t have to be painful. There are a number of browser extensions you can use, such as Adblock Plus, to add your own filters (see the full how-to here.) If you’re looking for more precise and advanced control, you can try extensions like uMatrix, which let you choose which scripts, iframes, and ads to block.
If installing and fine-tuning browser extensions on all the endpoints you manage isn’t feasible, you could also turn to a cybersecurity vendor. Some vendors, like Webroot, have chosen to protect their users from being exploited without their consent by automatically blocking websites that run cryptojacking scripts. In fact, Webroot SecureAnywhere® Business Endpoint Protection, SecureAnywhere® DNS Protection, and DNS Protection for Guest WiFi all work to keep end users safe from these threats.
For more information on how Webroot can help you protect your clients from cryptojacking and other cyber threats, contact us.
You can also sign up for a free 30-day trial of Webroot SecureAnywhere® Business Endpoint Protection today. It won’t conflict with other security software, and there’s no obligation to buy at the end of your trial period.
Guest blog courtesy of Webroot. Read more Webroot blogs here.
