Cryptojacking is a growing threat to users, a UK cyber security agency warns. In its Cyber Threat to UK Business report, the UK’s National Cyber Security Centre (NCSC), outlines the growing use of cryptojacking as a method of mining bitcoin by stealth. The report quotes an earlier study by Checkpoint, done at the end of 2017, indicating that 55% of businesses globally had been impacted by the technique.
One of the most interesting aspects of cryptojacking is how it’s blurring the lines of cybercriminality. Although the NCSC ‘assumes’ that it is ultimately a new technique being used by experienced cyber criminals, the report also notes that websites – without necessarily having any record of cybercrime – are using it as a way of mining cryptocurrencies without users’ knowledge. It’s worth noting that back in February, Salon gave users the option to supress ads in return for using their computing power. This was essentially a legitimate and transparent form of cryptocurrency mining.
What is cryptojacking?
Cryptojacking is a method whereby a website visitor’s CPU is ‘hijacked’ by a piece of JavaScript code that runs when the user accesses a specific webpage. This code then allows cybercriminals to ‘mine’ cryptocurrencies (at present Monero) without users’ knowledge. The NCSC report gives an example of this in action. According to the report, more than 4,000 websites “mined cryptocurrency through a compromised screen-reading plugin for blind and partially sighted people.”
Cryptojacking looks set, then, to become a larger problem within the cybersecurity world. Because it’s so hard for users to identify that they are being exploited, it’s likely that this will be difficult to tackle. However, technology savvy users are already creating solutions to protect from cryptojacking. This will effectively become the next wave of ad blockers.
It will be interesting to see whether this does, in fact, become a model that the media industry takes on to tackle struggling revenues. Could Salon’s trial lead to the increased adoption of legitimate cryptojacking as a revenue stream? Whatever happens, user consent is going to remain an issue.
Source: Coindesk
