Cryptojacking
Cryptocurrency is digital money that can be used to pay for goods and services. Bitcoin, Monero and Ethereum are examples of cryptocurrencies, but there are many others.
Unlike other legal tender, cryptocurrency is not controlled by banks. Instead it relies on cryptography and blockchain technology to verify and secure every transaction made.
CRYPTOMINING:
It is possible to earn cryptocurrency by downloading software that solves the complex mathematical problems that validate other people’s transactions. Every solved equation earns a small reward, paid out in cryptocurrency.
Solving these problems, however, requires a massive amount of processing power and will exhaust the resources of most computers that attempt them. Instead of using their own device, a malicious actor will therefore steal the processing power of other people’s systems by covertly installing the cryptomining software and syphoning off any earnings. This is known as cryptojacking.
Adversaries distribute this malware through weaponized mobile phone apps, by infecting vulnerable websites, and by hijacking Wi-Fi hotspots.
WHAT SYSTEMS AND DEVICES ARE AT RISK:
Any connected device with a processor is susceptible.
Common targets include:
- Cloud vendors who have large banks of system resources.
- Exposed and vulnerable networked computers.
- Mobile devices.
SYMPTOMS OF A CRYPTOJACKING ATTACK INCLUDE:
- Degraded system and network performance because bandwidth and processing resources are being monopolised.
- Increased power consumption, system crashes, and physical damage from component failure, usually due to the extreme temperatures this type of processing necessitates.
- Financial loss because of system downtime, increased power consumption, and the cost of sanitization and recovery efforts.
HOW TO PROTECT AGAINST CRYPTOJACKING:
- Maintain antivirus software: This detects and removes unwanted programs.
- Keep software and operating systems up to date: So known vulnerabilities cannot be exploited by cyber criminals.
- Use strong passwords: Which will prevent unauthorised access to connected systems. Default passwords also compromise the security of your critical devices and should be changed.
- Download files using only trusted sites: Check site reviews where possible to make sure that the download is legitimate and has integrity.
- When downloading apps, consider what permissions they need to operate.
NETWORK MANAGERS SHOULD ALSO:
- Check system privileges: Only administrative accounts should be able to make system changes. These accounts should only be used when absolutely necessary and only by staff who genuinely need this type of access.
- Maintain a firewall: Which will monitor for malicious inbound traffic and unnecessary outbound traffic. Configure firewalls using vendor guidance and industry best practice.
- Create and monitor blacklists: Using threat intelligence to identify websites that distribute malware or are leveraged for command and control. Block these sites by IP address and prevent devices from being able to access them. A much better alternative, however, is to route your internet traffic through a cloud vendor that will filter out these sites for you.
- Apply application whitelisting: This will prevent unknown executables from launching on your systems. AppLocker, Software Restriction Policies (SRP) and Windows Defender Application Control (WDAC) are your go-to system tools to enforce such rules.
- Remove unused or deprecated software: Which will dramatically reduce the attack surface of your network.
- Benchmark CPU, running services and other system resources: So abnormal loads and processes can be quickly detected.
- Validate input: On internet-facing web servers and web applications to mitigate injection attacks and the planting of malware.
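The benchmarking advice above can be turned into a simple detection check. The following is an added example, not part of the original article: it derives per-process CPU limits from baseline samples and flags both known processes that exceed their limit and unknown processes that keep a core pegged across consecutive snapshots. Process names and CPU figures are constructed sample data; in practice they would come from a monitoring agent.

```python
"""Compare observed per-process CPU load against a baseline (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: CPU% samples per process taken during normal operation.
BASELINE = {
    "sshd":     [0.1, 0.2, 0.1, 0.3, 0.2],
    "nginx":    [4.0, 6.5, 5.2, 7.1, 5.8],
    "postgres": [12.0, 15.5, 11.2, 18.0, 14.3],
}

# Constructed observation window: consecutive snapshots of {process: cpu_percent}.
# "update-helper" is a made-up process name absent from the baseline.
OBSERVED = [
    {"sshd": 0.2, "nginx": 6.0, "postgres": 14.0, "update-helper": 97.5},
    {"sshd": 0.1, "nginx": 5.5, "postgres": 13.1, "update-helper": 98.2},
    {"sshd": 0.3, "nginx": 44.0, "postgres": 15.0, "update-helper": 96.9},
    {"sshd": 0.2, "nginx": 6.2, "postgres": 13.8, "update-helper": 99.0},
]


def baseline_limits(baseline, k=3.0):
    """Upper bound per process: mean + k population standard deviations."""
    return {name: mean(v) + k * pstdev(v) for name, v in baseline.items()}


def detect_anomalies(observed, baseline, k=3.0, unknown_cpu=50.0, sustain=3):
    """Return (snapshot_index, process, reason, cpu) tuples for:
    (a) baselined processes whose CPU exceeds mean + k*stdev, and
    (b) processes missing from the baseline that stay above `unknown_cpu`
        for `sustain` consecutive snapshots (a sustained, not bursty, load)."""
    limits = baseline_limits(baseline, k)
    alerts = []
    streak = defaultdict(int)  # consecutive high-load snapshots per unknown process
    for i, snap in enumerate(observed):
        for name, cpu in snap.items():
            if name in limits:
                if cpu > limits[name]:
                    alerts.append((i, name, "above baseline", cpu))
            else:
                streak[name] = streak[name] + 1 if cpu > unknown_cpu else 0
                if streak[name] == sustain:  # alert once, when the streak is reached
                    alerts.append((i, name, "sustained unknown load", cpu))
    return alerts


if __name__ == "__main__":
    for idx, name, reason, cpu in detect_anomalies(OBSERVED, BASELINE):
        print(f"snapshot {idx}: {name} {reason} ({cpu:.1f}% CPU)")
```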