Cryptojacking Protection

What is Cryptojacking?

A general phrase given to a wide range of attacks, Cryptojacking is where attackers find a way to make victim's devices mine Cryptocurrency for them. We specialise in protection against Drive-By Cryptojacking, where webpages are infected with malicious JavaScript, and visitors to that page are forced to mine Cryptocurrency for the attackers.

As a form of Cross-Site Scripting, we're well suited to help you detect and mitigate Cryptojacking attacks and lean heavily on our Threat Intelligence capabilities to do so. Whilst Cryptocurrencies have been around since 2009, it wasn't until 2018 that we started to see a surge in Cryptojacking attacks targeting the Web.

for 2018 we found that Cryptojacking had a 35 percent share of all web threats

- Webroot

What is their goal?

Money! Mining Cryptocurrency comes with the financial overheads of needing to purchase hardware to mine with, and, purchasing electricity to run that hardware, making it difficult to turn a profit. Attackers avoid both of these costs by forcing other people's devices to mine Cryptocurrency for them, meaning they can turn an easy profit.

All that is required for an attacker to enslave all the devices that visit your site is to find a way to place their malicious JavaScript on your pages. Once there, they will remain undetected for as long as possible and often leave no visual clues to their presence.

A combined total earning of $150,000 per month through over 1 billion visits by users has been estimated for just 33,000 sites

- Queen's University Belfast (You Could Be Mine(d): The Rise of Cryptojacking)

Recent Developments

Whilst attackers have started to expand their horizons and look beyond just infecting your webpages, by infecting your cloud environments too, Cryptojacking still remains a credible threat to contend with. Some arguments are made that beyond a few CPU cycles and some electricity cost for your visitors, the damage caused by a Cryptojacking attack is relatively minor, but we disagree.

A Cryptojacking attack is a proven vulnerability in your application and whilst the malicious JavaScript that has been injected is currently mining Cryptocurrency, it could be substituted for something far worse with ease. Take a look at the following Case Studies on notable Cryptojacking attacks for more information:

Cryptojacking remains popular due to a low barrier of entry and minimal overhead

- Symantec (Internet Security Threat Report)

How we can help

Whilst Cryptojacking is not topping the charts as the most popular attack out there, it is still a form of Cross-Site Scripting and with almost no effort on behalf of the attacker, could be re-purposed into something far more dangerous like a Magecart infection.

The Tools and Features of our service will detect and mitigate XSS attacks, regardless of what objective your attackers may have. Below are some of our products that you may be interested in, or reach out to if you'd like more information.

Script Watch

Script Watch will monitor all JavaScript dependencies across your entire site and immediately notify you of any changes. A new JavaScript dependency could be the start of a Cryptojacking attack.

Because Script Watch leverages the browser native Content Security Policy, there is no code or agent to deploy and running in the browser means we analyse your site in real-time as your users are browsing. We don't have the same limitations as external scanning services such as authentication or pay walls, geo-sensitive content or an attacker potentially serving safe content to the crawler.

Read More

Data Watch

Data Watch will monitor all of the locations that your webpages are sending data to. If your website starts sending data to a new location, it could be the start of a Cryptojacking attack.

With Script Watch and Data Watch combined, you can monitor for clear indicators that your site has been compromised. Attackers will always want to inject their hostile JavaScript, and they'll always want to exfiltrate their stolen data.

Read More

Content Security Policy

Script Watch and Data Watch will allow you to rapidly detect and respond to a Cryptojacking attack and combined, that capability puts you ahead of the field. If you want to take it a step further, Content Security Policy can mitigate a Cryptojacking attack and stop it from even happening.

Deploying an effective Content Security Policy can be difficult, but our CSP Reporting allows you to gather feedback and safely test a policy before deployment. Once deployed, an effective Content Security Policy will block a Cryptojacking attack and stop the hostile JavaScript from even running.

Read More

Threat Intelligence

We subscribe to various feeds of Threat Intelligence data, along with managing our own internally generated feeds, to keep apprised of the latest threats that exist online.

Using this Threat Intelligence Data, we can better analyse the sources of JavaScript on your website and detect malicious activity sooner.

Read More