One of the most common attacks in 2018 has been the scourge of unauthorized cryptocurrency miners that run in the background on websites. It's an attack type that is increasingly referred to as "cryptojacking." In a cryptojacking attack, a cryptocurrency mining script is injected into a server or a web page to take advantage of a victim system's CPU power.
In our last article on cryptojacking, we detailed how to limit the risk of servers being coopted in an unauthorized cryptocurrency mining operation. In this article, you'll learn how to defend your desktop against in-browser cryptojacking attacks.
- In-browser cryptojacking
- Look for high resource utilization
- Gateway protection
- Endpoint protection
So how do you block sites from consuming your CPU power with cryptocurrency miners? There are a few options.
Many modern browsers provide resource utilization metrics that can help pinpoint potential cryptocurrency mining activities. Simply put, if a certain browser tab has a high resource utilization (and it's not being used for a known high-resource task), that could be an indicator of a cryptocurrency miner at work.
Killing the tab process, or just closing the tab, will stop the mining activity.
Cryptocurrency miners are known issues and often have well-understood characteristics. Multiple web gateway protection technologies provide site filtering rules that will block cryptocurrency miners at the gateway. For more, see eSecurity Planet's guide to 9 Top Secure Web Gateway Vendors.
Endpoint Detection and Response (EDR) tools also play a strong supporting role in identifying and blocking cryptojacking attacks on endpoints that come through in-browser scripts. EDR solutions offer continuous monitoring and response to advanced security threats. For a deeper look at EDR vendors, see eSecurity Planet's list of Top Endpoint Detection and Response Solutions and our EDR selection tool.
Cryptocurrency mining protection capabilities are also available in different browsers to varying degrees.
The Opera web browser claims to include built-in cryptocurrency miner protection as of the Opera 50 release that debuted on Jan. 4. Opera's cryptocurrency projection is provided via the integration of the NoCoin tool. NoCoin is also available as an optional add-on for other web browsers, including Google Chrome and Mozilla Firefox.
The Brave web browser provides an integrated capability called "Shields" that provides ad-blocking and script blocking, plus anti-tracking features that can help limit the risk of cryptocurrency miners.
Both Google Chrome and Apple Safari have limited integrated ad-blocking capabilities that may be able to block some (but not all) cryptocurrency miners that come via ads.
In addition to NoCoin, there are multiple additional add-ons that can potentially block cryptocurrency miners from running in the browser.
There are multiple tools and methods available to test web browsers to confirm that anti-cryptojacking tools are working. One such tool can be found at cryptojackingtest.com, hosted by Opera software.
Different cryptocurrency mining tools are becoming increasingly stealthy and deployment techniques are likely to evolve. Ultimately, as with all security, you have to be wary and use multiple technologies, including browser, endpoint and gateway-based solutions, to help limit the risk and nuisance of cryptocurrency miners consuming your valuable CPU resources.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.