Guest Contributor: Jeremy Moskowitz
Last year, Merriam-Webster added the word, “Bitcoin” to its latest version of the authorized Scrabble dictionary game. As the most recognized form of cryptocurrency, bitcoin has become embedded in our vocabulary thanks to the barrage of media stories outlining it ascension to financial investment stardom in 2017. Those lucky of enough to get in at the right time saw their digital wallets swell as the price of Bitcoin and other cryptocurrencies seemed to have no limit. But last year, fortunes reversed for many who had put their hopes on this new digital form of gold. Many investors only had a vague understanding of what cryptocurrency was and certainly didn’t realize that Bitcoin is just one of over 1,600 cryptocurrencies today. So while it may be the only cryptocurrency you can use in Scrabble, there are many others that have made investors rich.
The Dirty Business of Cryptomining
There are ways to make money from cryptocurrency other than buying the digital coins and waiting for the price to go up. Cryptocurrency is an alternative, decentralized currency not affiliated with any government state. It is supported by a technology called “blockchain,” which is a digital ledger of economic transactions between parties that can be openly verified across peer-to-peer networks. Blockchains are created by individuals called “miners” who use powerful computer systems to solve the computationally intensive and required mathematical tasks. In exchange for creating and managing the ledgers, miners get a share of the cryptocurrencies they mine.
Called cryptomining, it is difficult to make money this way, just as it is with traditional mining. To effectively cryptomine requires a lot of computer processing power, which doesn’t come cheap. An alternate, illicit approach exists for those willing to go that route. There are miners who will conscript the systems of others to do the mining. Essentially, they hijack your computer, an act called cryptojacking. One computer alone doesn’t have the necessary resources to mine cryptocurrency, but when employed alongside thousands of other compromised devices, you are on your way.
A Cryptocurrency Called Monero
Besides Bitcoin, another popular cryptocurrency is Monero. It has a somewhat taboo reputation as cybercriminals use it because of its anonymity features. For those same reasons, it is also popular amongst cryptojackers. Researchers estimate that $57 million was mined by cryptojackers over the past four years. That is equal to 4.3% of all Monero in circulation today. While legitimate cryptocurrency miners may make as little as $12 / day, those illegitimate miners can make much much more since they don’t have the burden of paying for their own hardware.
Compromising Your Computer
So how does your computer become compromised and make the secret, illicit miners money? Well, there are two ways. The first involves cryptomining malware, which dethroned ransomware as the #1 malware threat in 2018. Phishing attacks are a primary delivery method for this malware nuisance that robs your computer once a user clicks on something. To further complicate the threat, cryptojackers also package added malware droppers that then serve as a deployment means for more types of malware types, including banking trojans like Emotet.
Keeping Illicit Miners Away
If your computer is running slow and killing the resource-hungry process in Task Manager isn’t righting the ship, you may be infected. Like any malware, the only real way to cleanse your machine is with an endpoint solution. Keeping your devices, browsers, and OS fully patched and up to date is an essential step in prevention as some recent cryptojacking strains utilize well-known exploits like EternalBlue which continues to plague unpatched machines.
Every organization today needs both email security and web filtering as part of a multi-layer security strategy to protect users and their devices. Companies are also employing the practice of application whitelisting to ensure that only approved activity and applications are allowed on enterprise devices. There are also solutions that ensure that only executables and applications are permitted run when installed by an admin or approved user account. Personal users can use a safe browsing service at home for added insurance and make sure that the security settings within their favorite browser are configured accordingly. Taking cybersecurity hygiene seriously will help prevent these cryptomining threats from spelling trouble for you.
Jeremy Moskowitz founded PolicyPak Software after working with hundreds of customers with the same problem: they couldn’t manage their applications, browsers and operating systems using the technology they already utilized. Jeremy’s best-selling Group Policy books are on the desks of happy administrators everywhere. Jeremy was one of the first MCSEs in the world and has been designated an MVP in Group Policy by Microsoft for the last decade.