What is a Cryptojacking attack, and how to prevent it?
What is Cryptojacking
Bitcoin, Monero and Ethereum keep puzzling even experts. The value of cryptocurrencies rises and falls, and it remains exciting, even for criminals who use cryptojacking to enrich themselves through the new payment system. They use malware to hijack computing power to mine Bitcoin and other currencies. However, the main risk that cryptojacking poses for companies is what else hackers can do once they have access to the network. How can companies recognize illegal cryptomining in their systems and, at best, prevent it?
Since Bitcoin crashed in 2018 and other cryptocurrencies such as Monero, Ethereum, Dash, Litecoin or ZCash fell sharply on the exchanges, cryptojacking has slipped down among the most common cyber threats. Ransomware has regained the top spot. This assessment is based, among other things, on the annual security report of the cyber security provider SecureLink.
This is also indicated by the current development of cryptocurrencies. Bitcoin currently costs over $8,800. For comparison: even though this is still far from the high of $20,000 in December 2017, there is an upward trend.
In addition, cryptomining is a continuous source of income for criminals even at low rates, provided that they let enough miners work for them. Therefore, companies are well advised to deal with cryptojacking and any protective measures.
How Do Hackers Use Cryptojacking?
For the second, more dangerous variant, criminals use security gaps to implant the mining script on web servers, routers or in content management systems. As a result, the script is passed on to all websites that are served through these systems. To make matters worse, the hackers have penetrated the system. For example, they can set up botnets and rent them out for DDoS attacks, spam campaigns or click fraud. Rigged apps are another way of distributing the script, both for PCs and for mobile devices. For example, Microsoft recently removed eight applications from the Windows Store because they were infected with cryptojacking malware.
Resource theft in the cloud
It can be really expensive if hackers gain access to almost unlimited computing power via cloud infrastructures. In early 2018, the automaker Tesla was the target of a cryptojacking attack that infiltrated the company's AWS infrastructure with mining malware. As the gateway, the criminals used Kubernetes administration consoles that were publicly accessible via the Internet without password protection. This was the finding of a report by the security specialists at RedLock Cloud Security, who discovered the incident.
Infected systems become slower, run under heavier load and consume more electricity because of the complex computation that mining requires. A network monitoring solution therefore helps to identify such incidents. It shows both abnormalities in system utilization and suspicious network communication, for example because cryptojacking malware receives its computing tasks from a mining platform and sends its results back to it. Intrusion detection systems (IDS) or security information and event management (SIEM) also contribute to the detection of anomalies.
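The two signals described above, sustained high utilization and job/result traffic to a mining platform, can be correlated per host. The following Python sketch is an added example, not part of the original article: the host names, thresholds, input formats and sample data are constructed, and it assumes that miners talk to the pool in Stratum-style JSON-RPC (`mining.*` methods, or Monero-style `login`/`job`/`submit` messages).

```python
import json

# Stratum-style JSON-RPC methods exchanged between a miner and its pool.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.notify", "mining.submit"}
# Monero-style pools use generic method names, so also require job-specific params.
MONERO_KEYS = {"login": {"login", "pass"}, "job": {"job_id", "blob"}, "submit": {"job_id", "nonce"}}

def is_mining_message(line):
    """True if one line of captured TCP payload looks like a pool job/result message."""
    try:
        msg = json.loads(line)
    except (ValueError, TypeError):
        return False
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        return False
    method, params = msg["method"], msg.get("params")
    needed = MONERO_KEYS.get(method)
    return method in STRATUM_METHODS or (
        needed is not None and isinstance(params, dict) and needed.issubset(params))

def sustained_cpu(samples, threshold=90, run=5):
    """Hosts with at least `run` consecutive CPU samples at or above `threshold` percent."""
    hot = set()
    for host, series in samples.items():
        streak = 0
        for cpu in series:  # series is in time order
            streak = streak + 1 if cpu >= threshold else 0
            if streak >= run:
                hot.add(host)
    return hot

def triage(samples, payloads):
    """'high' = pool traffic and sustained CPU on the same host, 'medium' = one signal."""
    hot = sustained_cpu(samples)
    talkers = {host for host, line in payloads if is_mining_message(line)}
    return {h: "high" if h in hot and h in talkers else "medium" for h in hot | talkers}

# Constructed sample data (not from a real incident).
CPU = {"web01": [97, 99, 98, 96, 99, 98], "build02": [99, 98, 99, 97, 99, 98],
       "db01": [95, 40, 96, 35, 97, 30]}
PAYLOADS = [
    ("web01", '{"id":1,"method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x"}}'),
    ("web01", '{"id":2,"method":"submit","params":{"job_id":"j1","nonce":"00000000"}}'),
    ("db01", '{"id":7,"method":"login","params":{"user":"app"}}'),
    ("kiosk03", '{"id":1,"method":"mining.subscribe","params":[]}'),
    ("db01", "GET /health HTTP/1.1"),
]
if __name__ == "__main__":
    print(sorted(triage(CPU, PAYLOADS).items()))
```

A host with only one signal (a build server under legitimate load, or a single pool handshake) is ranked lower than one showing both, which keeps the alert volume manageable in an IDS or SIEM rule built on the same idea.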
How to prevent cryptojacking
New trend: formjacking
Cryptojacking malware is cleverly camouflaged and usually has no serious consequences, which is why many incidents go unnoticed. However, companies should take the risk seriously, pay close attention to the signs, and review their security measures. Even if it is a "malware light", it is still a successful attack that indicates security gaps, and other attackers can exploit these vulnerabilities as well. If hackers manage to infect a system with cryptojacking malware, they can take control of it unnoticed. Unwanted cryptomining is probably the smallest problem that those affected have to reckon with.