Cryptojacking: What It Is and How to Prevent It

November 17, 2020

In the digital age, businesses face numerous risks associated with computer and technology systems. Highly publicized data breaches of major corporations have captivated the attention of business leaders; these breaches have also cost billions of dollars in forensic analysis, recovery, and reputational harm. While cyber liability insurance serves as the foundation of risk management, business leaders need to understand cyber risks. One of the emerging risks is that of “cryptojacking,” which exposes affected companies to the potential for severe liability claims. In this article, we will explore cryptojacking and provide information on how to prevent this cyber crime from harming your business operations.

What is Cryptojacking?

Cryptojacking refers to the illegal practice of hijacking someone else’s computer for the purpose of mining cryptocurrency, or digital/virtual currency like Bitcoin. Cyber criminals gain access to computer networks or spoof victims into installing cryptomining code onto computer systems. The code runs in the background and is difficult to detect. While the scripts used to mine cryptocurrencies do not in themselves damage computer systems, their placement represents a breach in network security. Once hackers gain access, they may attempt to hijack sensitive business data or commit other cyber crimes, putting the business at risk.

It is unclear how much cryptocurrency has been mined through this unauthorized hijacking of computers, but its value is estimated to be billions of dollars. In 2018 alone, a single cryptojacking incident infected more than 500,000 computers in Asia, netting criminals as much as $4 million. Computer security analysts indicate that the cryptojacking technology is relatively easy to master and expect significant growth in sophistication in the coming years. Cyber liability insurance is crucial for business owners who rely on computer systems and the sensitive data those computers contain.

Preventing Cryptojacking

By working in the background and being difficult to detect, cryptojacking may go unnoticed for long periods of time. The anonymous nature of the criminal act, and the fact that nothing was stolen from the infected computers, gives little incentive for businesses to pursue legal remedies. Nevertheless, network intrusion by cyber criminals is a serious threat and can lead to the loss of sensitive business data, not to mention the expenses associated with prevention and recovery. While cyber liability insurance is designed to provide protection from criminal activity and their expenses, preventing cryptojacking in the first place is the key to risk management.

As with any cyber criminality, monitoring unusual computer activity is the first step in preventing unauthorized intrusion. Computer security professionals recommend regular monitoring of systems and hardware for any signs of tampering. Updating security software and applying patches to systems also reduces the potential for unlawful network access.

Training employees in detecting fraudulent activity is another key component of risk management. Cryptojackers often use a technique called “phishing” to fool someone into clicking on a web link or email that looks legitimate. Clicking that link loads malware or cryptomining applications onto the computer network. Identifying and avoiding phishing attempts should be an integral part of employee training.

IT professionals should also receive specific training on cryptojacking practices and detection. In many cases, an increase in the number of employee complaints related to slow computer performance is an indication that cryptomining scripts are infecting computers. Training for all stakeholders is an important approach that can help prevent criminal hacking from harming business operations.

Because criminals sometimes infect legitimate websites with spoofed ads, security professionals recommend installing ad-blocking browser extensions on computers connected to the internet. Some third-party ad-blocking apps already incorporate tools to detect cryptomining.

Finally, business owners must carefully assess their current insurance protections. Cyber liability insurance is designed to protect business assets from losses from illegal computer activity. With the right security practices, and insurance policies and coverages in place, businesses can rest assured that their critical networks are secure from cyber criminals. ◼