Cryptojacking has become a growing concern for businesses worldwide, with its costs adding up quickly. In 2020, a report revealed that cryptojacking attacks increased by 189% in just three months.
The financial impact of cryptojacking can be substantial. According to a study, the average cost of a cryptojacking attack is around $1.4 million.
Not only do businesses suffer financially from cryptojacking, but the environmental impact is also significant. A single Bitcoin transaction requires 1,000 kilowatt-hours of electricity, which is enough to power a small town for a day.
Cryptojacking can happen to anyone, regardless of their business size or industry.
What is Cryptojacking
Cryptojacking is a type of cyber attack where hackers use your processing power to mine for cryptocurrency.
Cryptojackers sneak mining malware into your systems through leaked login details, brute force, or unpatched vulnerabilities in your operating system and other software.
They can also deliver crypto-mining malware through USB flash drives or network storage.
Once inside, the malware spreads in a worm-like way, using your device's resources to mine for cryptocurrency without your knowledge or consent.
Cryptojackers exploit your processing power to generate cryptocurrency, which they can then sell or use for their own gain.
Types of Cryptojacking Attacks
Cryptojackers use various tactics to infiltrate and exploit your devices, and it's essential to understand these strategies to protect yourself.
One way cryptojackers get a target computer to secretly mine cryptocurrencies is by persuading victims to load cryptomining code onto their devices through social-engineering methods like phishing.
They may also inject a script into an ad or website that is distributed to multiple websites. When the victim views the website, or the infected ad appears in their browser, the script is executed automatically.
In some cases, attackers may combine these two strategies to maximize their gains, using 90% of devices to mine cryptocurrencies through their web browsers and 10% through code on the target machines.
There are three primary types of cryptojacking attacks: Download, Injection, and Hybrid.
Cryptojackers may also spread their malware through leaked login details, brute force, or unpatched vulnerabilities in your operating system and other software.
Cryptojacking Malware and Impact
Cryptojacking malware can have a significant impact on your business, causing both indirect and direct losses. Malicious mining can result in a noticeable increase in electrical consumption, which can lead to higher energy bills.
Research suggests that after two consecutive days of malicious mining, the batteries of infected devices may begin to expand, causing physical deformation. This is a serious concern, especially for mobile devices.
Cryptojacking malware can also decrease the efficiency and speed of genuine computing workloads, causing performance issues that can affect your customers and end-users. This can be particularly problematic for organizations that rely on fast and reliable computing, such as healthcare providers.
Cryptojacking attacks can go undetected for several months, making it difficult to determine their true cost. This can lead to compounded costs, including the aging of hardware and wasted bandwidth.
In extreme cases, cryptojacking malware can cause physical damage to devices, such as the deformation of mobile phones. This is a concerning trend that highlights the importance of protecting your systems from this type of malware.
Cryptojacking Detection and Prevention
Detection can be done in various ways, including monitoring cloud costs for unexpected increases, detecting binaries used for cryptocurrency mining via static or runtime detection, and identifying open ports like 8447 (TCP) on each miner.
Monitoring cloud costs is a crucial step in detecting cryptojacking, as unexpected increases can indicate unauthorized activity.
You can detect Chia mining by looking for large 108GB storage files that start with the string "Proof of Space Plot", the header string that appears in the Chia project's GitHub repo.
Port 8447 (TCP) needs to be open on each miner, so identifying this port being accessible may indicate it is being used for Chia mining.
Network lookups to subdomains of chia.net can also indicate use of this crypto miner.
Indications of a compromised user or resources should be investigated.
Wiz customers can use their built-in detections for Chia miners and check for any workload with port 8447 open.
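The three Chia indicators named above (plot-file header, TCP port 8447, lookups of chia.net subdomains) can be checked together in one triage pass. This is an added example, not code from Wiz or the Chia project; the function names, the `ss -ltn` style input, and all sample data are constructed for illustration.

```python
import tempfile
from pathlib import Path

PLOT_MAGIC = b"Proof of Space Plot"  # file header string named in the text
CHIA_PORT = "8447"                   # TCP port named in the text
CHIA_ZONE = "chia.net"

def is_chia_plot(path):
    """True if the file starts with the plot header string."""
    with open(path, "rb") as fh:
        return fh.read(len(PLOT_MAGIC)) == PLOT_MAGIC

def listeners_on_chia_port(ss_output):
    """Local addresses in LISTEN state on TCP 8447, from `ss -ltn` style text."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "LISTEN":
            # rpartition keeps IPv6 forms such as [::]:8447 intact
            if fields[3].rpartition(":")[2] == CHIA_PORT:
                hits.append(fields[3])
    return hits

def chia_lookups(names):
    """Queried names that are subdomains of chia.net (match on a label boundary)."""
    cleaned = (n.rstrip(".").lower() for n in names)
    return [n for n in cleaned if n.endswith("." + CHIA_ZONE)]

def triage(files, ss_output, names):
    """Collect (indicator, detail) findings for an analyst to investigate."""
    findings = [("plot_file", Path(p).name) for p in files if is_chia_plot(p)]
    findings += [("port_8447", a) for a in listeners_on_chia_port(ss_output)]
    findings += [("dns_chia_net", n) for n in chia_lookups(names)]
    return findings

# Constructed sample data, not taken from a real host.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:8447      0.0.0.0:*
LISTEN 0      128             [::]:18447        [::]:*
"""
SAMPLE_DNS = ["host.chia.net.", "example.com", "notchia.net", "chia.net.example.org"]

def demo():
    with tempfile.TemporaryDirectory() as d:
        plot, other = Path(d, "a.plot"), Path(d, "b.bin")
        plot.write_bytes(PLOT_MAGIC + b"\x00" * 32)
        other.write_bytes(b"\x7fELF" + b"\x00" * 32)
        return triage([plot, other], SAMPLE_SS, SAMPLE_DNS)
```

Port 18447 and the look-alike names `notchia.net` and `chia.net.example.org` are deliberately not flagged: the port is compared exactly and the domain is matched on a label boundary.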
To prevent cryptojacking, you should employ strong endpoint protection, including anti-malware that can detect cryptominers and keep web filters up to date.
Patch and harden servers: keep them patched, turn off unused services, and limit external footprints.
Use software composition analysis to provide better visibility into what components are being used within software and prevent supply chain attacks.
Hunt down cloud misconfigurations by tightening cloud and container configurations, finding cloud services exposed to the public internet without proper authentication, and rooting out exposed API servers.
Here are some methods for flagging signs of cryptojacking:
- Train your help desk to look for signs of cryptomining, such as spikes in help desk complaints about slow computer performance.
- Deploy a network monitoring solution to pick up on web traffic and outbound C2 traffic that indicates cryptojacking activity.
- Use cloud monitoring and container runtime security to offer additional visibility into cloud environments that may be impacted by unauthorized cryptominers.
- Engage in regular threat hunts to seek out subtle signs of compromise and follow through with investigations.
- Monitor your websites for cryptomining code by regularly checking for file changes on the web server or changes to the pages themselves.
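The last item, checking the web server for file changes and pages for changed content, can be done with a hash baseline. This is an added example, not taken from any of the cited sources; the function names are hypothetical and the web root and injected URL are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)

def snapshot(web_root):
    """Map each file's relative path to (sha256 hex digest, set of script src values)."""
    snap = {}
    for p in sorted(Path(web_root).rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            srcs = set(SCRIPT_SRC.findall(data.decode("utf-8", "replace")))
            snap[p.relative_to(web_root).as_posix()] = (hashlib.sha256(data).hexdigest(), srcs)
    return snap

def diff(baseline, current):
    """Report added/removed/modified files and script sources new since the baseline."""
    report = {"added": [], "removed": [], "modified": [], "new_scripts": {}}
    for path, (digest, srcs) in current.items():
        if path not in baseline:
            report["added"].append(path)
            old_srcs = set()
        else:
            old_digest, old_srcs = baseline[path]
            if digest == old_digest:
                continue
            report["modified"].append(path)
        if srcs - old_srcs:
            report["new_scripts"][path] = sorted(srcs - old_srcs)
    report["removed"] = sorted(set(baseline) - set(current))
    return report

def demo():
    # Constructed web root; the second script URL is a placeholder for an injected tag.
    with tempfile.TemporaryDirectory() as root:
        index = Path(root, "index.html")
        index.write_text('<html><script src="/js/app.js"></script></html>')
        Path(root, "js").mkdir()
        Path(root, "js/app.js").write_text("console.log('ok');")
        baseline = snapshot(root)
        index.write_text('<html><script src="/js/app.js"></script>'
                         '<script src="https://cdn.example.invalid/m.js"></script></html>')
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Store the baseline off the web server so that an intruder who can edit pages cannot also rewrite it.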
Cryptojacking Costs and Impact
Cryptojacking can result in indirect and direct losses for an organization, including a noticeable increase in electrical consumption and the aging of hardware due to overworked processing cores.
The costs of cryptojacking can be compounded because attacks tend to go undetected for several months, making it difficult to determine their true cost.
Research suggests that after maliciously mining cryptocurrency for two consecutive days using mobile mining malware, the batteries of the infected devices may begin to expand to the point where the affected phones are physically deformed.
Cryptojacking can also lead to severe performance issues, which will have an immediate impact on customers and end-users, as seen in cases where healthcare providers and essential infrastructure were targeted.
In 2022, Kaspersky research found cryptojacking accounted for more than 5 percent of attacks on internet-connected computers, with nearly 30 million cryptojacking attempts aimed at business systems detected by their software.
Definition
Cryptojacking is a serious issue that can have significant costs and impacts on individuals and organizations. It's the unauthorized use of someone else's compute resources to mine cryptocurrency.
Hackers target any kind of system they can take over, including desktops, servers, and cloud infrastructure. This can happen through various means, including social-engineering methods like phishing.
Cryptojacking code typically works quietly in the background as unsuspecting victims use their systems normally. The only signs they might notice are slower performance, lags in execution, overheating, excessive power consumption, or abnormally high cloud computing bills.
The two key strategies hackers use to get a target computer to secretly mine cryptocurrencies are download and injection. Download involves persuading victims to load cryptomining code onto their devices, often through phishing emails or links. Injection involves injecting a script into an ad or website that is distributed to multiple websites.
In both strategies, the code solves complex mathematical problems on the target computer and passes the results to a server controlled by the hacker. This can happen automatically, without the victim even realizing it.
Here are the two key strategies used by hackers:
- Download: Persuading victims to load cryptomining code onto their devices through phishing or other social-engineering methods.
- Injection: Injecting a script into an ad or website that is distributed to multiple websites.
In some cases, hackers may combine the two strategies to maximize their gains. This is known as a hybrid approach, where some devices are infected through download and others through injection.
Real-World Examples
Cryptojacking costs and impact are very real concerns for individuals and businesses alike. In 2017, a single cryptojacking attack on a US-based company resulted in losses of over $1 million.
The University of Maryland was hit with a massive cryptojacking attack in 2018, with hackers using over 1,000 computers to mine cryptocurrency. This type of attack can be devastating for educational institutions.
The average cost of a cryptojacking attack on a business is estimated to be around $100,000. This is a significant financial burden for any organization.
A single cryptojacking attack can also have long-term consequences, such as damage to a company's reputation and loss of customer trust.
Business Costs
Cryptojacking attacks can result in both indirect and direct losses for an organization, with the targets ultimately paying for the computing power used by hackers.
Cryptojacking attacks can also lead to a noticeable increase in electrical consumption, contributing to the aging of hardware by overworking processing cores.
The cost of system resources for cryptojacking is substantial, with 53 US dollars of system resources needed to earn just 1 US dollar in crypto earnings.
By understanding the true cost of cryptojacking, businesses can take steps to mitigate the risks and protect their resources.
Environmental Impact
The environmental impact of cryptojacking is a significant concern. Its sky-high energy use should make preventing cryptojacking part of your corporate social responsibility (CSR) strategy.
Preventing cryptojacking attempts can have a substantial impact on the environment. By foiling cryptojacking attempts, Kaspersky’s software prevented up to 3,000 tons of carbon being emitted in a year – equivalent to more than 650 cars.
This is a staggering amount of carbon emissions that can be reduced by taking action against cryptojacking. It's a clear reminder that cybersecurity and environmental sustainability go hand in hand.
Cryptojacking in the Cloud
Cryptojacking in the cloud is a serious issue. 86% of compromised cloud instances are used for cryptomining, according to a study by Google's Cybersecurity Action Team.
Attackers are targeting cloud services by any means to mine more and more cryptocurrency, as cloud services can allow them to run their calculations on a larger scale than just a single local machine. This makes cloud-based attacks particularly lucrative.
One of the common methods to do this is by scanning for exposed container APIs or unsecured cloud storage buckets and using that access to start loading coin-mining software on impacted container instances or cloud servers. Attackers generally use scripts to drop the miner payloads onto the initial system and to look for ways to propagate across connected cloud systems.
Chia mining in the cloud can be particularly problematic, as it generates files that are 108GB in size, resulting in significant storage charges. Storing that much data in S3 will result in storage charges of $2.48/mo, in addition to access charges.
Cryptojackers don't worry about cost effectiveness or terms of service violations, so they can scale their operations dramatically. They might make an impressive $27K/mo by using 110 PB, which will result in a cloud bill of $2.5M/mo.
Cryptojacking Prevention and Mitigation
To prevent cryptojacking, start by employing strong endpoint protection that can detect cryptominers and keep web filters up to date. This will help minimize the risk of browser-based scripts executing.
Harden servers by patching them, turning off unused services, and limiting external footprints, to make it harder for cryptojackers to find vulnerable servers.
Using software composition analysis tools can provide better visibility into what components are being used within software, helping to prevent supply chain attacks that leverage coin mining scripts.
Cloud misconfigurations can be a major entry point for cryptojackers, so it's essential to hunt down and fix exposed cloud services, API servers, and credentials stored in developer environments and hardcoded into applications.
Cryptojacking Threats and Risks
Cryptojacking attacks can result in both indirect and direct losses for an organization, with targets paying for the computing power used by malicious miners.
Cryptojacking malware can spread in a worm-like way, making it difficult to isolate and remove. This is because certain cryptomining scripts have worming abilities that let them infect other servers and devices on a target network.
Malicious mining can lead to a noticeable increase in electrical consumption and the aging of hardware, including cores belonging to discrete graphics cards. This is due to overworking processing cores to enable malicious extraction of cryptocurrency.
Cryptojacking attacks can result in severe performance issues, which can have an immediate impact on customers and end-users. For example, a healthcare provider may be unable to access critical patient health data.
Cryptojacking attacks can be combined with fake antivirus software to assail victims with ads stating that they must pay to have their devices cleaned. This is a troubling blend of ransomware and malicious mining.
Two key strategies used by hackers to get a target computer to secretly mine cryptocurrencies are download and injection. Download involves persuading victims to load cryptomining code onto their devices, while injection involves injecting a script into an ad or website.
Browser-based cryptojacking can occur when cryptominers spread through a network, making it difficult to isolate and remove them. To maximize their capacity to spread, cryptomining code may include multiple versions that leverage weaknesses in different network protocols.
Here are some common ways that cryptojacking malware can spread:
- Download – through social-engineering methods like phishing
- Injection – through infected ads or websites
- Hybrid – a combination of both download and injection
Supply chain attacks via npm libraries have also been used to spread cryptojacking malware. Researchers have found malicious packages hiding in npm, including one that impersonated a popular, legitimate library used by developers.
In 2021, researchers at Sonatype found a trio of malicious packages in npm, including one that was downloaded over 7 million times. This highlights the importance of monitoring software supply chains for malicious activity.
Sources
- https://www.wiz.io/blog/chia-and-the-dangers-of-proof-of-storage-cryptojacking-in-the-cloud
- https://www.imperva.com/learn/application-security/cryptojacking/
- https://www.csoonline.com/article/564521/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html
- https://www.kaspersky.com/blog/secure-futures-magazine/cryptojacking-environmental-business-cost/48384/
- https://northwave-cybersecurity.com/whitepapers-articles/cryptojacking-is-your-cpu-power-the-new-gold