The National Cryptological Center recommends a series of good practices to avoid attacks, which are easily launched but hardly detected
Cryptojacking is a type of attack through which the illegitimate use of an external electronic device is used for taking advantage of its processing and calculating capacity of the graphics card, the memory and the processor. The objective is to take advantage of users’ devices for the process of obtaining cryptocurrencies.
Cryptojacking attacks vary depending on the objective pursued by the cybercriminal and the form of distribution of the harmful code. This can be done through fraudulent email (phishing), Internet of Things (IoT) devices, web pages or mobile applications.
This situation is becoming increasingly worse. According to data from the National Cryptological Center (NCC) in Spain, this type of practice increased 34,000% in 2017. Only in the last three months of that year, the increase was 8,500 percent. In addition, attacks are easy to launch and automate, but hard to detect in infected devices.
After analyzing different occurrences of crypto attacks, this center, which is attached to the National Intelligence Center, has prepared a report that aims to guide users’ on how to avoid the risks that arise from this practice. This report includes recommendations that are intended to hinder these attacks, from the perspective of how important it is for users to be aware of advice such as disabling Javascript in browsers.
A Few Pieces of Advice against ‘Cryptojacking’
The NCC reminds users that many cryptocurrency miners are written in JavaScript, which is especially harmful to websites that need JavaScript for their execution. Consequently, they recommend using extensions, such as Toggle Javascript, to activate and deactivate this programming language.
They also recommend the use of extensions to block unwanted pop-ups and advertisements, as some websites may launch a small window, which minimizes immediately and goes without being noticed by the user, thus initiating the mining process or the execution of other malicious code. There are also specific extensions that detect and protect the miners.
Updating both the antivirus and the operating system often solves vulnerabilities that could be used by hackers, so users should always have the latest version of those programs.
Users’ e-mail accounts can be used as a gateway for cyber criminals, so they advise applying antispam filters in order to avoid downloading harmful code. Regarding the opening of unknown files, the NCC advises to always show file extensions, not to enable macros in an office document or, if it is done, to verify that they are signed by the sender.
Before downloading files from unknown web pages, they recommend users to run them for the first time through a virtual machine. They also advise using a blacklist of websites that use crypto miners through extensions such as NoCoin or Minerblock.
Finally, it is convenient to change the credentials that come from the factory in electronic devices, choose robust user names and passwords and not download or install programs or applications that come from unofficial sites.
The piece of advice given by the National Cryptological Center from Spain, as well as other renowned international organizations, should be followed by both those who are in the business of cryptocurrencies and those who want to become a part of it.
By Willmen Blanco
