Exclusive: Demystifying cryptojacking and how organisations can protect themselves

05 Jul 2018

Article by Fortinet Australia, NZ and Pacific Islands senior regional director Jon McGettigan

Cryptojacking is the latest step in the evolution of malware monetisation methods.

If 2017 was the year of ransomware attacks, then 2018 is shaping up to be the year of cryptojacking, with a 30% spike this year in the APAC region and a global surge of 28% per quarter, according to Fortinet’s Threat Landscape Report.

One of the first successful monetisation formulas for cybercriminals was banking malware, where banking credentials were communicated back to them.

However, converting credentials into cash is not easy.

Ransomware was another step that made the process simpler − victims would wire money directly to the cybercriminals.

However, ransomware is losing its effectiveness as more computer users become aware of the threat and improve their security and backup procedures.

Cryptojacking has one main advantage over these two monetisation methods − if well-designed, the mining process can run in the background without drawing attention to itself.

In the best case, the user will be unaware that there is any extra processing going on.

This makes it almost a "victimless crime" in the sense that the user may not be aware that there is a problem, as opposed to having a computer visibly disabled, losing precious documents, or having money stolen from bank accounts.

So what exactly is cryptojacking?

It is a new threat to privacy and security in which a mining script uses your PC to mine cryptocurrency while you’re visiting a site.

Thousands of Australian websites have fallen victim to cryptojacking since last year, including the Queensland Government's legislation website, the Queensland Civil and Administrative Tribunal and the Victorian Parliament.

Cryptojacking can take multiple forms but Fortinet has identified three primary trends, each with a unique approach.

The first involves injecting JavaScript into vulnerable websites, the second involves using social engineering to attempt to get victims to download cryptomining malware, and the third involves an increase in ransomware demands for alternative cryptocurrencies due to the increasingly unpredictable nature of Bitcoin's value.

The downside for cybercriminals hoping to profit from cryptojacking, however, is that many victims are needed to gain enough resources to make significant profits.

Ultimately, that will be the factor that decides whether cryptojacking will continue as an attack vector, or whether its popularity will wane as new techniques are found, and the malware evolution continues.

How do you protect your firm from cryptojacking malware?

Deciding on the right approach to cyber security is essentially a risk management process.

Organisations need to conduct detailed reviews covering the assets that may be at risk, the protection mechanisms in place, and the potential damage to the company should those assets be stolen or destroyed.

Assets may be information-based (files, credentials or databases) or physical properties such as video cameras and physical security access systems which are connected to the corporate network.

The damage to firms in the event of an attack may be difficult to assess.

Monetary losses from paying off ransomware attacks are easy to determine, but things like document loss, related recovery costs, reputational damage and legal liabilities caused by loss of customer data are harder to quantify.

Cryptojacking losses are likewise tough to put a finger on.

Servers which are mining in the background will have reduced resources for dealing with real work, affecting business productivity.

Customer experience on public-facing servers can also be degraded.

These losses, whilst difficult to value, can be substantial and it becomes more important than ever to put in place a complete security solution covering all parts of an organisation’s network, from the access to the cloud.

This solution should not only protect against attacks, but also continually monitor the security "health" of the network to identify potential weak points, and pinpoint and deal with breaches before real damage is done.
