Cryptojacking is the new malware

cryptojacking malwareThe success of cryptocurrencies such as Bitcoin, is driving the increasing popularity of cryptomining, the process by which these currencies are earned. At its core, mining for cryptocurrency requires massive computing power. This in turn has led enterprising miners to seek new and sometimes unethical methods of gaining access to computing resources by hijacking them via web browsers, giving rise to a new form of malware called cryptojacking.

Each cryptojacked machine may provide a small fraction of computing cycle time but, when combined, they are transformed into distributed supercomputers that can earn hackers substantial cryptocurrency amounts. Moreover, any of these hacked machines could be revisited and subjected to even more nefarious cyberattacks at some point down the road.

Who exactly is behind cryptojacking and what can be done to stop it? Let’s take a closer look.

The browser’s Trojan

Serving as the gateway to the Internet, browsers have gotten sophisticated over the years – and so have the hackers. Utilizing easily accessible JavaScript libraries, hackers can inconspicuously inject code into even the most secure websites. When a user visits these infiltrated websites, they are unknowingly running extra bits of code that enable hackers to utilize their device as part of a larger cryptomining initiative.

In several notable examples, companies like mining-software library Coinhive, dubbing itself as an alternative to ad-blocking technology, have had their scripts illicitly embedded on websites from Showtime television network to the Ecuadorian Papa John’s Pizza.

Covert or overt, drive-by mining schemes are often invisible to users, yet the implications for the enterprise can be severe. Slower performing computers can hamper productivity while the scripts running in the background can provide an open doorway for future malware or ransomware attacks.

Stopping it before it cryptostarts

Most enterprises implement a defense-in-depth strategy that includes anti-malware solutions, browser plug-ins, URL filtering, and proxies. A new approach that complements these technologies offers a twist that enhances browser security without compromising the user experience.

Remote Browser Isolation (RBI) technology offers a virtual browser that resides in disposable containers outside of the network (usually in the DMZ or the cloud). Transparent to users, remote browser isolation looks and feels like their regular Firefox, Chrome, Opera, or Edge browser and delivers the same experience.

Websites are rendered by the virtual browser away from the endpoints themselves, and streamed back to users in real-time, for a native and interactive web browsing experience. The user does not recognize any performance degradation or latency, while the endpoint is protected from malicious web downloads or drive-by mining threats.

Once the user’s browsing session ends or expires, the container in which the session runs is simply discarded along with any malicious files that may have been encountered. Additionally, computing resources allocated for each disposable container are highly restricted. Thus, if a mining hack stealthily makes its way in, it’ll have a very limited window of time to monopolize the processing resources allotted to the container before it is wiped out.

With RBI technology in place, enterprises have a comprehensive solution to shield their users and network resources from cryptojacking threats. Hackers will have to stake their cryptomining claim somewhere else.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.