When one of our devices gets hacked, we all go straight to the typical image: a criminal wants to infect our computer or mobile so that they can steal our data, our documentation, or even our money. Ultimately, it’s about using this security breach to gain some kind of direct benefit.
Practices like this, however, are evolving; these days our company’s cybersecurity, as well as our own, are vulnerable to people who, one way or another, want us to “work for them”. This is exactly what happens with cryptojacking.
What is cryptojacking?
Broadly speaking, cryptojacking is when our computer or smartphone is used without our authorization, not necessarily to steal our data, but so that thieves can mine cryptocurrencies without using their own resources, but instead use ours to do so.
Mining for cryptocurrencies is an ever more complex task that consumes more and more energy resources and computing power. This is exactly why hackers have found a way to make it easier: they get onto other people’s computers and put them to work trawling the web, consuming these computers’ resources to mine cryptocurrencies.
It’s what happened recently at a European bank, where they realized their computer equipment was consuming an unusual amount of resources at nighttime. After an investigation, they found out that their computers were being used to mine cryptocurrencies: an obvious breach of the company’s cybersecurity. Something very similar happened at GitHub, the platform recently acquired by Microsoft, which was also being used for cryptojacking.
How can cryptojacking make its way onto your computer?
There are several possible ways that cryptojacking can end up flooding your devices, but the most common are the following:
1.- Malware. At any moment – be it receiving an email, installing an application, activating some hidden software… – a cybercriminal can install malware on your computer that is capable of taking over the device, making CPU usage soar, and starting to mine cryptocurrencies, without you ever finding out.
2.- Websites and browsers This practice is becoming more and more common: certain websites take advantage of their users’ Internet connections without telling them, putting them to work mining cryptocurrencies, thus tricking these users into allowing third parties to use their computers.
How does cryptojacking affect your company?
The biggest threat posed by cryptojacking isn’t to your personal computer, but at work; if it ends up inundating your company’s computers, it can cause a variety of problems:
1.- Consumption of resources. Believe us when we say that, sooner rather than later, your company will notice the incredible increase in your energy bill, since cryptojacking will tap into every last computer, and use them as often it can.
2.- Technical problems. The vast majority of computers in the world aren’t technologically up to the task of mining cryptocurrencies. If cryptojacking malware makes its way onto your IT system, it won’t be long before your company starts to lose money on tech support, or even on buying new computers.
3.- Your company’s cybersecurity. Stealing data might not be among the cryptojackers’ top priorities, but the fact that these cybercriminals are able to get onto your computers means that there is a serious cybersecurity problem at your company.
How to avoid cryptojacking in your company
If you’re worried that cryptojacking could take over your company, we’ve provided some tips on how to avoid it:
1.- Analyze your resources. All operating systems have some kind of tool similar to System Monitor that analyzes the resources that are being consumed by your company’s computers at all times. Keep track of this to make sure there is no unusual activity.
2.- Processor overheating. Sometimes you won’t even have to resort to System Monitor: if you notice that a computer is suddenly malfunctioning or its processor is overheating, you may well have a problem of this type.
3.- Careful with your browser. If you suspect that cryptojacking is getting in via websites, install plugins to block these sites on your browser. You can also check what websites are using this practice on Whoisminning.
4.- Protect your company’s cybersecurity Your company’s cybersecurity is vital. To look after it, you can rely on Panda Adaptive Defense, Panda Security’s cybersecurity suite, which will protect you from possible breaches. Our advanced cybersecurity solution gives you a full, detailed view of the activity on all endpoints, and allows you to control all running processes.