According to the 2018 PandaLabs report, between 2017 and 2018, detections of cryptojacking – the illicit use of a third party computer to mine cryptocurrencies – increased 350%. One of the most popular services for carrying out this activity is Coinhive.
Coinhive was set up 18 months ago with the aim of providing a legitimate alternative to ads on websites. However, it didn’t take long for cybercriminals to appropriate this service to attack websites and make themselves some money.
Now, a year and a half after it began, the creators of Coinhive have announced that as of March 8, the service will be discontinued.
It may come as a surprise, however, that the decision to close the service is not related to its incessant use in illegal activities. According to the Coinhive team, the fall in the hash rate of Monero, along with the crash of the cryptocurrency market, was the deciding factor.
Coinhive: a controversial history
The fact that Coinhive is closing up shop will come as a great relief for many companies, given that its code was discovered on almost 40,000 websites last year. Many globally renowned companies’ websites were affected, including: The LA Times, the Australian government, government institutions in the UK and the US… It even affected the world’s second most visited website: YouTube. In this case, the advertising platform DoubleClick was the victim of an attack that hid the Coinhive cryptojacking code in YouTube adverts. All of these factors combined to make it one of the leading threats to users last year.
At the high point of its popularity, it is estimated that cybercriminals who used this service were pocketing around $250,000 a month.
Despite how far-reaching the threat is, for many companies, cryptojacking is still not considered to be a serious threat to their cybersecurity. One reason for this may be the fact that cryptojacking attacks are less showy than other threats, such as ransomware, which have immediate, disruptive effects. However, as we will see, cryptojacking can have serious negative consequences.
Don’t let your guard down
Coinhive was the most popular service for carrying out illicit cryptomining, but it was by no means the only one. Services such as Crypto-Loot, CoinImp, Minr and deepMiner are still very much active. And these scripts were discovered on almost 10,000 websites last year. This means that Coinhive’s closure isn’t the end of the road for cybercriminals who make use of cryptojacking scripts. In fact, one of these alternatives is very likely to become the most popular cryptojacking method.
What’s more, since Coinhive is closing down for financial reasons, we could even see it open its doors again, once more taking up its place as the most popular cryptojacking tool.
With all of this in mind, it’s worth going over the dangers that can stem from a cryptojacking attack:
- High energy demand. One of the first indications of a cryptojacking malware infection is a significant increase in power consumption.
- CPU use. Cryptojacking aims to make use of affected computers’ CPU in order to mine cryptocurrencies. So the presence of a cryptojacking script in your company can cause low performance in computers.
- Dangers for corporate cybersecurity. If cryptojacking malware has made its way onto your company’s IT network, that means that there is an open door somewhere. And this open door means that there is a way in for all kinds of threats – threats that can endanger your company.
How to avoid cryptojacking
As is the case with any cyberthreat, it is vital that your company protect itself against cryptojacking – be it cryptojacking that uses Coinhive or whatever the new star cybercriminal tactic may be.
1.- Analyze your resources. If you notice suspicious CPU usage, or if a number of employees report that their computers are slowing down, it may be that cryptojacking is behind it.
2.- Careful with your browser. Websites are one of the most popular points of entry for cryptojacking. There are plugins that block suspicious websites.
3.- Carry out periodic risk evaluations. This way, you’ll be able to identify vulnerabilities that can endanger your company’s cybersecurity. Panda Patch Management searches automatically for the patches that are necessary to keep your company safe, and prioritizes the most urgent updates. Appropriate patching policies can reduce the attack surface by up to 80%.
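For companies that want to check whether their own pages carry one of the miner scripts named above, the following is an added example (not Panda code) that audits a page's `<script>` tags for those service names. Matching on the bare service name is an assumption of this example rather than a vetted indicator list, and the sample page, hosts and site key are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# Service names come from the article; matching on the bare name is an
# assumption made for this example, not a vetted indicator list.
MINER_RE = re.compile(
    r"(?<![a-z0-9])(coinhive|crypto-?loot|coinimp|minr|deepminer)(?![a-z0-9])"
)

class ScriptAudit(HTMLParser):
    """Collect <script src> values and inline script bodies, then flag miner names."""

    def __init__(self):
        super().__init__()
        self.findings = []   # (kind, service, excerpt)
        self._inline = None  # buffer while inside a <script> element

    def _check(self, kind, text):
        for m in MINER_RE.finditer(text.lower()):
            self.findings.append((kind, m.group(1), text.strip()[:80]))

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._inline = []
            src = dict(attrs).get("src")
            if src:
                self._check("external", src)

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self._check("inline", "".join(self._inline))
            self._inline = None

def find_miner_scripts(html):
    audit = ScriptAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample page; hosts and the site key are placeholders.
SAMPLE = """<html><head>
<script src="https://cdn.example/js/jquery.min.js"></script>
<script src="https://static.example/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
<script>var adminRole = 'viewer';</script>
</head><body><p>Article about Coinhive closing.</p></body></html>"""

if __name__ == "__main__":
    for kind, service, excerpt in find_miner_scripts(SAMPLE):
        print(f"{kind:8} {service:10} {excerpt}")
```

Only script sources and script bodies are inspected, so a page that merely mentions a service in its text is not flagged, and the boundary check keeps identifiers such as `adminRole` from matching `minr`.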
There’s no doubt that the closure of Coinhive is good news for those who want to protect their cybersecurity. Cybercriminals now have one fewer weapon in their arsenal with which to threaten your company’s computers. However, if there’s one thing that defines cybercriminals, it is their adaptability, forever inventing new ways to get what they want. It is therefore essential that we stay vigilant.