The new internet threat on the block: cryptojacking

A new type of malicious attack is worming its way across the internet and it is only going to get bigger. This threat is not designed to cripple systems like a DoS attacks, nor is it designed to hold you sensitive files hostage in exchange for payment as ransomware, though the threat is indeed all about making money.

Yes, we are talking about Cryptojacking.

We are going to look into the ins and outs of crytopjacking, tell you what to watch out for and recommend some resources and products designed to defend your systems against a cryptojack attack.

Cryptojacking defined

Cryptojacking is a web attack designed to silently steal a proportion of your computer power in order to mine cryptocurrencies, all without your permission or knowledge.

Now, you won’t be directly out of pocket, other than your energy bill might go up. And this type of threat doesn’t comb through your files for personal stuff. You are however unwittingly handing over computer power to an unknown third party.

The typical function of a cryptojacking attack is to run in the background of a web session. Often, it is only a few lines of JavaScript code designed to auto-execute upon being loaded within the victim browser. You may be lured to a site via a malicious ad or link, or perhaps you were searching for information on crytojacking and were lured onto a bogus help page.

Most cryptojacking attempts try to steal imperceptible amounts of power by design; others can render your machine useless, often due to poor coding on the attackers’ part – the thieves make less cryptocurrency if victims notice and stop the cryptojacking threat.

Without reputable web security software in place, it can be almost impossible to spot. What you might notice if you were a cryptojacking victim would be your machine slowing down, where the computer lags. You might also notice your fan whirring away as it tries to cool your system from overheating.

Why is Crytojacking popular?

Cryptojacking is touted as the next big attack vector for a few key reasons. One, it does not require as much effort or computing wizardry to pull it off. Two, it demands very little in terms of resources of management, for example, there is no need to contact a victim or demand cash – they are just taking it.

In other words, it is easy money. According to CSO online, “cryptojacking doesn’t even require significant technical skills. According to the report, The New Gold Rush Cryptocurrencies Are the New Frontier of Fraud, from Digital Shadows, cryptojacking kits are available on the dark web for as little as $30.”

How to defend against cryptojacking attacks

If the threat is in the webpage, closing the tab will disconnect the the cryptojack attempt. However, if the attack has managed to infect your browser, it may be best to turn to trusted IT security software to locate and eradicate the threat.

Review your browser preferences, plugins and extensions. Delete anything and everything that is obsolete. Best computing practices recommend that you turn off all non-critical browser services, turning on only what you need when you need it.  

If you have any web filtering tools, use them! If a site or webpage is found to be loading cryptojacking scripts, block it.

Defend your web systems from Crytojacking with GFI Security

Kerio Control: Unified Threat Management Without Complexity

Protects your network from viruses, malware and malicious activity with an easy-to-administer yet powerful all-in-one security solution.

“Kerio Control brings together next-generation firewall capabilities — including a network firewall and router, intrusion detection and prevention (IPS), gateway anti-virus, VPN, and web content and application filtering. These comprehensive capabilities and unmatched deployment flexibility make Kerio Control the ideal choice for small and mid-sized businesses.”

Learn more: https://www.gfi.com/products-and-solutions/network-security-solutions/kerio-control 

GFI WebMonitor: Control of your web activity and block web-based threats

Protects your web activity from malicious agents, providing strong web filtering capabilities to block unwanted traffic.

‘Uncontrolled web activity can impact productivity, lead to malware infections, increase costs and potential legal liabilities, as well as a bruised company image. GFI WebMonitor delivers unique web filtering capabilities by combining application-based traffic filtering with a website categorization functionality. Together they allow accurate control over what users are doing online and the applications they are using.”

Learn more: https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-webmonitor

GFI OneGuard: Centralized network security and IT management platform for business

Enterprise-grade network security and resource management tools providing centralized control through real-time Antivirus, patch management, resource management and reporting tools for business.

“Antivirus is the most fundamental security function, critical to keeping connected machines safe from malware. Using the leading AV engine powered by Kaspersky Lab, GFI OneGuard delivers real-time protection from the latest threats. Using agents installed on each device and managed from a central dashboard, you can control scans, updates and every aspect of virus protection.”

Learn more: https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-oneguard

If you think you can’t afford all of these solutions, think again. GFI Unlimited gives you access to all of the software mentioned here and more with a game changing subscription. Unleash the power for a full library of network security and communications solutions to streamline your business for one low price.

Learn more about GFI Unlimited by reaching out to one of your local GFI partners.