Story image

How to avoid becoming a cryptojacking victim - Bitglass

14 May 2019

Article by Bitglass CTO Anurag Kahol

Fifty percent of organisations have malware in at least one of their cloud applications according to a report published by Bitglass. 

Cloud cryptojacking has become the biggest cybersecurity threat facing businesses, especially enterprise-level organisations. 

What is cryptojacking?

The term ‘cryptojacking’ refers to the unauthorised use of a third party’s computing resources to mine cryptocurrency. 

Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum, so it is unsurprising that hackers are targeting vulnerable data centres to help them boost their capabilities.

Cloud-based resources, and in particular infrastructure-as-a-service (IaaS) platforms, are main targets for this activity as they offer virtually infinite resources and tremendous processing power, as well as an environment where attackers can largely go undetected. 

The methodology used to obtain the right accesses for cryptojacking are not dissimilar to other cyber threats like ransomware. 

Often it will be via phishing emails that load cryptomining code, or via a website that has been infected with a specific JavaScript code that will auto-execute when loaded. 

This particular method often goes undetected by the victim for a long time as it runs silently in the background.

The most often cited case of cryptojacking took place in 2018 when Tesla fell victim to an attack. 

The automotive company discovered that some of its Amazon Web Services (AWS)  infrastructure was being appropriated for mining. 

The attack had been concealed from conventional firewalls and intruder detection systems as the cybercriminals had hidden the IP addresses of their mining programs behind a content delivery network; they had also throttled the mining software to ensure that it did not trigger high-usage-detection systems.

Here are five tips to secure infrastructure against cryptojacking:

1. Employee awareness
Employees are every organisation’s first line of defence, so make sure they are equipped with the right tools and training to be an effective part of the security strategy. 
Employees that are well versed in the company’s cybersecurity policies are less likely to fall victim to an attack. 
Teach them what to look for and what to avoid - focus on the threat of phishing attacks. 

2. Deploy the extensions
As mentioned earlier, one method cybercriminals use is to lace websites with auto-executing cryptojacking scripts. 
All employees should deploy ad-blocking and anti-cryptomining extensions on web browsers to avoid downloading this type of code from websites. 

3. Passwords and multi-factor authentication (MFA)
MFA and strong passwords should be in place for all cloud apps and IT assets. 
The attackers who compromised Tesla’s environment went through an administration console that was not password protected. 
Passwords should, as a minimum, include a mixture of alphanumeric credentials, and enforcing multi-factor authentication are must-haves for ensuring the protection of sensitive enterprise assets. 

4. Updates are not an option
Patches and software updates are regularly released by all security vendors – these are not optional.
Promptly install them to ensure endpoints and cloud-based tools have their security gaps filled, protecting them from the latest threats.  

5. Securing personal devices  
With BYOD becoming more common among businesses, securing personal devices is a must. 
This is most effectively achieved through an agentless solution, as tools like mobile device management (MDM) can harm device functionality, invade user privacy, and, consequently, prove incredibly difficult to deploy on employees’ personal devices.

You only get one chance to make a first impression
Regardless of where you come from one thing is for certain, businesses only get one chance to make a first impression.
Atos develops edge server with security in mind
The BullSequana Edge server is able to securely manage and process IoT data close to the source of data generation so that it is treated immediately.
Virtustream launches new services for cloud applications
The new suite of professional and managed services expands Virtustream’s enterprise application and services solutions.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Sony and Microsoft to explore strategic partnership
“Our partnership brings the power of Azure and Azure AI to Sony."
Deakin Uni scores double win with Exabeam partnership
Australia’s Deakin University is partnering with SIEM security company Exabeam in an effort to boost the university’s cybersecurity degree program and strengthen its SIEM capabilities.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Fujitsu and Veeam partner to offer simplified backup and recovery
This new partnership promises the increased availability of data and faster recovery from disasters and unplanned system downtime.