Jan 05 2024

What Is Cryptojacking, and Why Is Higher Education Being Targeted?

Attacks connected to cryptocurrency are increasing exponentially. It’s imperative for institutions to understand what they’re defending against.

It’s no secret that higher education institutions must continue prioritizing cybersecurity in the face of new and emerging threats. What’s less obvious is which threats to focus on, particularly because not all threats are readily apparent.

Cryptojacking is one such threat that’s rapidly emerging, but it isn’t new. While cryptojacking attempts passed the 100 million mark for the first time in 2022, there have been well over 50 million attempts each year since 2018. And it’s a type of cyberattack that can be easy for institutional and IT leaders to overlook.

What Is Cryptojacking?

As its name implies, cryptojacking has to do with cryptocurrencies. In fact, Interpol defines cryptojacking as “a type of cybercrime where a criminal secretly uses a victim’s computing power to generate cryptocurrency.”

Because cryptocurrencies are digital, only computer programs and computing power are needed to create, or mine, them. And mining for crypto isn’t a crime. It’s actually needed to maintain and grow cryptocurrency blockchains. So, cryptominers will usually receive a block reward for their efforts, often in the form of the network’s native coins (e.g., Bitcoin miners would receive bitcoins, or BTC tokens).

Click the banner below to find out how identity and access management paves the way to zero trust.

However, cryptomining can be an intensive project in terms of electricity use, as cryptocurrency itself has an energy consumption problem. The Bitcoin network alone is estimated to consume 127 terawatt-hours of energy per year — more than Norway and many other countries do — and that electricity use can be costly.

Considering this, cryptojacking is a way for criminals to cut costs while increasing their potential for financial gain. That’s part of why it’s growing in popularity, with 332 million cryptojacking attacks tallied in the first half of 2023, a record 399 percent increase from 2022.

How Does Cryptojacking Work?

According to Imperva, there are two main strategies through which cryptojackers secretly mine cryptocurrencies: download and injection.

Download is just that — persuading victims to load cryptomining code onto their devices. This is achieved through phishing and other social engineering methods. The hidden malicious code that the cryptojackers implement adds the cryptomining script to the victim’s device, where it runs in the background while the victim works. It can also be achieved through malware. As recently as 2021, cryptominers were behind 58.4 percent of all Trojans, according to a report from ReasonLabs.

LEARN MORE: Four ways higher ed institutions can better defend against consent phishing.

Injections are the type of attack that “allows an attacker to inject code into a program or query or inject malware onto a computer in order to execute remote commands that can read or modify a database, or change data on a website,” according IBM. When a malicious script is implemented in an ad or website, it is then distributed to multiple websites. When an unsuspecting victim views the ad or website, the script is executed automatically, without the victim’s computer storing any code.

Instead of choosing just one strategy, attackers may combine these approaches to maximize their financial gain. Of course, they may also opt for a less common approach. The cybercriminal group Automated Libra, for instance, used a combination of freejacking and play-and-run tactics to run its PurpleUrchin campaign. Attackers created and used over 130,000 fake accounts to leverage the free or trial-based cloud computing resources and platforms offered by different service providers. Regardless of the approach, however, cryptojackers are seeking computing power, and institutions should be on the lookout.

Why Is Higher Education a Target for Cryptojacking?

Higher education institutions often have far-reaching networks and a wealth of computing power. They also have hundreds, if not thousands, of people using these networks across multiple devices, many of which are personal devices that don’t have all the security measures of school devices. This can make institutions a prime target for cryptojacking. Attackers looking to infect a university’s network can start by compromising just one student or faculty member’s device, then spread their cryptomining script to all devices used on the network.

Considering this, it is little surprise that cryptojacking has forced some universities to shut down their entire networks. It also helps illustrate why the education sector saw 320 times more cryptojackings in the first half of 2023 than in all of 2022.

How Should Institutions Defend Against Cryptojacking?

Cryptojacking isn’t harmless. On an individual device, it can negatively impact performance, resulting in overheating, lower available processing power and reduced productivity as the cryptomining takes place in the background. And that’s to say nothing of the increase in electricity costs and the environmental harm created by extra energy consumption. At an institutional level, the reduced performance could have an even more drastic impact if it leads to more and greater data breaches amid weakened cybersecurity.

So, it’s imperative for institutions to defend against cryptojacking. As cryptojacking methods are limited only by the attacker’s creativity, educating students and faculty about overall best cybersecurity practices — including how to identify and avoid phishing schemes targeting students — isn’t going to cut it.

READ MORE: Endpoint detection and response solutions spot university security threats.

Institutions should prioritize security at the endpoint, where the two main strategies of cryptojacking take place. This may look like installing ad blockers and other security software on all university devices, establishing a device refresh cycle, blocking specific websites on the school’s network, or customizing the spam filter for student and faculty email addresses. IT teams should also regularly scan for vulnerable servers and network devices. This can help identify which servers and devices have been subject to cryptojacking with enough time to stop the problem from worsening.

Partners such as IBM and Microsoft offer some useful solutions. It can also be beneficial to connect with a trusted technology partner that can help university IT teams identify and implement the appropriate solutions to combat this rapidly emerging threat.

luza studios/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT