10 Things Florida Small Businesses Should Know about OSHA
November 25, 2019

How Florida Businesses Can Prevent Crypto Jacking

Florida cyber liability insurance

Crypto jacking is an emerging cyber threat in which a cybercriminal uses the processing power of an unsuspecting victim’s computer to mine cryptocurrency. Crypto jacking is implemented either by sending a victim an infected email and enticing them to click on a link that loads crypto mining code onto their computer or infecting a website, browser extension or online ad with scripts that auto execute once they’re loaded.

Regardless of how the victim’s computer is accessed, the crypto mining code works in the background while the unsuspecting victim use their computer normally. Sometimes they may notice a slower processing or “lag” time.

Crypto jacking is more common than most businesses realize. According to a study conducted by IBM and released in February 2019, crypto jacking increased by 450 percent in 2018. The study, titled “IBM X-Force Threat Intelligence 2019” found that ransomware attacks are declining, presumably because cybercriminals are getting a better payoff from crypto jacking.

The cost of cyber attacks has dramatically increased in recent years. In October 2019, CNBC reported that cyberattacks now cost companies, on average, $200,000. More than half of all small businesses experienced a cyber breach last year. Furthermore, only 14 percent of businesses are prepared to defend themselves.

Cyber security experts agree that crypto mining is in its infancy. There’s a lot of room for evolution and expansion. Crypto jacking doesn’t require many technical skills. One report found that crypto jacking kits are available on the dark web for as little as $30.

Crypto hackers generally use two tactics for hacking victim’s computers.

  1. Trick victims into loading crypto mining code through phishing-like tactics. Usually, the victim will receive an email that looks legitimate and encourages them to click on a link. The link will run code that places crypto mining script on the computer.
  2. Inject a script on a website or online ad that pops up in the victim’s browser. Once the victim visits the website or views the ad, the script automatically executes. With this tactic, no code is actually stored on the victim’s computer.

Regardless of the method used to crypto jack a computer, the malicious code runs mathematical problems on the victim’s computer and sends the results to the hacker’s server.

Many cyber hackers will employ multiple tactics to deliver more results. Crypto jacking does not damage the victim computer, but it does steal CPU processing resources. For some organizations, this may mean real costs in terms of productivity and time spent tracking down and replacing infected components or systems.

Wondering how to prevent these malicious attacks? Here are 6 strategies to minimize the risk of your business falling prey to crypto criminals.

  1. Include information about the crypto jacking threat into your employee security-awareness training, especially how to detect phishing-type attempts to load scripts onto unsuspecting victim’s computers.
  2. Install an ad-blocking or anti-crypto mining extension on your company computers’ web browsers.
  3. Leverage the power of endpoint antivirus software that is capable of detecting known crypto miners.
  4. Keep your web filtering tools up-to-date.
  5. Only allow employees to use a few official browser extensions and monitor them regularly.
  6. Use a mobile device management system to better control users’ devices. Mobile devices are not as vulnerable to cyber hacking than desktop computers and servers, and most cyber hackers aren’t interested in them because they don’t offer as much processing power as desktop computers.

Here at Lanier Upshaw we encourage you to look for comprehensive cybersecurity software programs to protect your business. Many reputable software programs protect you from malware, ransomware and other online threats in addition to crypto jacking. But no matter how up-to-date your cybersecurity software, breaches unfortunately are a reality in today’s threat landscape. To learn more about how Lanier Upshaw can help protect your business from cybersecurity risk, contact us here today.