Best security methods to avoid becoming the next cryptojacking victim
August 14, 2019
What are the best security methods to help organisations avoid becoming the next cryptojacking victim? Paddy Francis, CTO – Airbus CyberSecurity, explores the origins of cryptojacking and what can be done to stop it.
The craft of mining dates back to pre-historic times when the first civilisations would use ceramics and stone to make tools and weapons for survival. Fast forward some centuries and astronomical advances in technology have meant we can mine gold, silver and diamonds using safer and more accurate methods.
This is where the traditional term mining comes from, but in the 21st century the word has gained an online and unlawful connotation: cryptojacking.
Cryptojacking is a relatively new threat that sprouted from the invention of digital money, i.e. cryptocurrencies. Initially, these became attractive to investors because cryptocurrencies have no physical form, exist only in the online world and use blockchain as a public ledger to note and monitor all information passed through it.
Additionally, it is decentralised, not owned by or associated with a bank or government, and not regulated by a governing body. All activity is conducted anonymously and managed via multiple duplicate databases across millions of computers which are not owned by any one person or organisation.
The way cryptocurrencies enter circulation is through the process of cryptocurrency mining which is conducted by miners creating signatures for a blockchain - the system where cryptocurrency transactions are managed.
The first miner to successfully generate the signature and have it verified is essentially the winner, and is rewarded with the newly created cryptocurrency. It is this communal validation that helps keep the blockchain honest and secure.
For the average person this task is achievable, but it can be extremely time consuming and demands an excessive amount of PC processing power. However, as the interest and hype grew around cryptocurrencies like Bitcoin amongst the crypto enthusiasts, this then spiralled into a competition with miners creating purpose-built cryptomining facilities.
Eager to speed up the process required for mining cryptocurrencies, cyber criminals devised cryptojacking. This is where hackers gain control of other computers and devices, infect them and subsequently use their resources to mine without the owner’s knowledge.
You may never know that you’re a victim of cryptojacking and with recent research showing these attacks have tripled in the past year, there is no evidence of this threat disappearing. There is also evidence these actions are being carried out legally by legitimate websites who are using cryptojacking as an alternative revenue stream to advertisements.
Cryptojacking attacks tend not to be malicious, and most don’t have an objective of stealing sensitive data or causing denial of service. The biggest issues come from the excessive consumption of PC resources, which inevitably slows down the overall functioning capacity of the user’s computer. It’s even worse for mobile device users who, if targeted, are often left with a dead battery.
Because cryptojacking needs mass amounts of CPU power to be carried out effectively, those who have high-level access are the biggest threats within a company: it would be fairly easy for them to first install the mining software across company computers and then either mine the digital currency for themselves or sell the computing power on.
Furthermore, due to the insider having this privileged access, they will have the power to override security alerts and other defences for their own monetary gain. An example of this took place in Russia where scientists at a nuclear power plant were found to be using the supercomputer to mine Bitcoin.
Another danger presented by this is the added risk of other malicious software the network could be exposed to through insecure connections made to the internet, or poorly written cryptojacking software crashing the computer.
Having these enabled can act as a good defence barrier and an additional layer of security to already established security technology, as most organisations will have DNS filtering services that will mark such sites as harmful if they haven’t already been blocked.
To prevent critical servers or workstations being affected, there is the ability to log the processor usage. If the business employs a security operations centre (SOC), the processor usage should be logged and monitored using a script in the security information and event management (SIEM) software. The obvious sign is long periods of high processor usage, particularly out of hours.
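One way to script the check described above, as an added example that is not from the original article: it flags hosts whose processor usage stays high for a sustained period outside office hours. The thresholds, office hours, host names and sample readings are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# All thresholds below are assumptions for this example; tune them per estate.
BUSINESS_START, BUSINESS_END = 8, 18    # office hours, Monday to Friday
CPU_THRESHOLD = 85.0                    # percent treated as "high" usage
MIN_DURATION = timedelta(minutes=30)    # shortest run worth alerting on
MAX_GAP = timedelta(minutes=10)         # a longer gap between samples ends a run

def out_of_hours(ts):
    """True at weekends and outside BUSINESS_START..BUSINESS_END on weekdays."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.hour < BUSINESS_END)

def find_sustained_load(samples):
    """samples: iterable of (host, iso_timestamp, cpu_percent).
    Returns (host, start, end, avg_cpu) for each out-of-hours run of high CPU."""
    by_host = {}
    for host, ts, cpu in samples:
        by_host.setdefault(host, []).append((datetime.fromisoformat(ts), float(cpu)))
    alerts = []
    for host, rows in sorted(by_host.items()):
        run = []
        for ts, cpu in sorted(rows) + [(None, None)]:   # sentinel flushes last run
            hot = ts is not None and cpu >= CPU_THRESHOLD and out_of_hours(ts)
            if hot and (not run or ts - run[-1][0] <= MAX_GAP):
                run.append((ts, cpu))
                continue
            if run and run[-1][0] - run[0][0] >= MIN_DURATION:
                avg = round(sum(c for _, c in run) / len(run), 1)
                alerts.append((host, run[0][0], run[-1][0], avg))
            run = [(ts, cpu)] if hot else []   # a hot sample after a gap starts anew
    return alerts

def _series(host, start, count, cpu, step=5):
    """Build constructed samples: `count` readings, `step` minutes apart."""
    t0 = datetime.fromisoformat(start)
    return [(host, (t0 + timedelta(minutes=step * i)).isoformat(), cpu)
            for i in range(count)]

# Constructed sample data (hypothetical host names), not real telemetry.
SAMPLES = (_series("srv-db01", "2019-08-13T01:00:00", 13, 97.0)    # 60 min overnight
           + _series("ws-042", "2019-08-13T10:00:00", 13, 95.0)    # office hours
           + _series("srv-web02", "2019-08-13T02:00:00", 3, 99.0))  # 10 min spike

if __name__ == "__main__":
    for host, start, end, avg in find_sustained_load(SAMPLES):
        print(f"ALERT {host}: avg {avg}% CPU from {start} to {end}")
```

Only the overnight run on the first host is reported; the office-hours load and the short spike fall below the alerting criteria.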
The biggest risk posed by cryptojacking though is the prospect of malware being installed on to PCs and servers to access the most powerful desktops and drain out the additional power. To avoid such an occurrence, businesses should have anti-malware defences installed and these can include application whitelisting for servers, continuous monitoring and anti-virus security.
In addition, if network monitoring security is in place, it will be able to alert the business and security teams to any illegitimate or out of the ordinary network behaviour. These are all good indicators that malicious activity is taking place.
Cryptojacking may not rank high in the list of potentially dangerous cyber threats against businesses today, and while it may not have immediate or noticeable effects, the repercussions of a successful attack could be very disruptive.
Therefore, it is important to follow best security practices and ensure basic security is in place to help detect performance changes across the network and to prevent the exploitation of vulnerabilities potentially created by cryptojacking and other script-based attacks.