Maksim Kabakou - Fotolia
Unlike many other types of malware, the purpose of cryptojacking is not to steal data, but to covertly hijack the computer processing power of the device. This can cause devices to consume more power, overheat, lag in performance and potentially destruct, which can disrupt business processes.
The implications can be particularly costly for an organisation if their corporate servers are the target of a cryptojacking attack.
Cryptojacking can be difficult to detect, particularly if it is performed in-browser. Organisations should monitor any anomalies or spikes in the use of computer power (and electricity), and proactively examine cryptojacking as a possible cause for system degradation.
To protect against cryptojacking, organisations should take a layered approach, which may include the following measures:
- Applying anti-mining browser extensions, such as NoCoin, MinerBlock, Coin-Hive Blocker
- Disabling Java on specific websites
- Blocking known mining domains
- Tuning antivirus and antimalware software to detect adware and potentially unwanted programs.
Legitimate cryptomining models may become the new normal. Web content providers could fund their services by offering consumers a choice – view pop-up adverts or enable cryptomining using idle CPU time.
Users dislike adverts, especially prominent ones that get in the way of their ability to read a web page. A nice clean page while the user’s CPU mines cryptocurrency in the background may be preferable over intrusive pop-ups.
Read more from Computer Weekly’s Security Think Tank about cryptojacking
Online media firm Salon.com pioneered this approach in early 2018, allowing users to opt in to cryptomining for an ad-free experience. Such business models may eventually undercut the criminal gains of cryptojacking.
This concept is very familiar if we cast our minds back some 20 years to the SETI@Home programme, and more recently the Folding@Home project, where users volunteered to run a screensaver that used their computing resources while away from their desk. So perhaps this is really nothing new.