sb-eu logo
Story image

Five tips to defend against cryptojacking - Bitglass

28 Aug 2019

Article by Bitglass CTO Anurag Kahol

Cyber-criminals are using malware to steal computing power from various target devices in order to secretly mine cryptocurrency.

This escalating threat is known as cryptojacking.

Additionally, hackers may hijack enterprise IT resources in the cloud (such as AWS) for the same reasons - this is known, specifically, as cloud cryptojacking.

Although these forms of cryptojacking do not necessarily result in data loss, they do lead to stolen resources, a rise in power bills, and diminished productivity among employees whose infected devices have their performance impaired.

The incidence of cryptojacking has seen rapid growth and has emerged as a favourite strategy for hackers.

Notable victims have included Tesla and Drupal.

With cryptojacking becoming a go-to, low-risk way for cybercriminals to make money, it’s important for organisations to know how to spot it and, more importantly, how to stop it.

Here are five tips to do so:

1. Cybersecurity education

Cryptojacking tends to start with phishing emails.

When employees receive these dangerous messages and carelessly click the malicious links or attachments on offer, they unknowingly initiate a script on their devices, beginning the cryptojacking process.

Through IT security training, organisations can teach their employees to identify phishing attacks, reducing the likelihood of illegitimate links being clicked.

Training should also educate users on the consequences of successful phishing attacks, including cryptojacking, so they can understand the importance of remaining vigilant.

2. Ad-blocking and other tools

In addition to phishing, cryptojacking threats can be delivered through advertisements on the internet.

Fortunately, there are browser extensions that block popular cryptomining scripts.

Organisations should leverage extensions like AdBlock in order to reduce the likelihood of cryptocurrency mining that is initiated in this fashion.

3. Strong passwords and multi-factor authentication

As mentioned previously, cloud cryptojacking occurs when cybercriminals commandeer enterprise cloud resources and use them to mine for cryptocurrency.

Hackers constantly scour the internet for misconfigured cloud services, for example, those that do not require a password.

As such, organisations must ensure that they use sufficiently complex passwords as well as multi-factor authentication.

This will drastically reduce the likelihood of cybercriminals controlling cloud and IT assets – even if there is a credential leak.

4. Monitoring the cloud and the network

Cryptojacking burns through IT resources.

Accordingly, one of the simplest ways to identify this scourge is through consistent monitoring of all user and cloud activity.

IT teams should watch for significant changes in resource utilisation and check for unauthorised access to S3 buckets, a common attack vector in cloud cryptojacking schemes.

Similarly, IT teams should leverage network monitoring tools that can review web traffic and generate alerts when they encounter suspicious activities.

5. Adopt complete data security solutions

Cryptojacking is not solely a threat to desktops and laptops.

Mobile devices such as phones and tablets are also at risk. With more and more employees bringing their own devices to work (BYOD), extending security policies to mobile endpoints is critically important for enterprise security.

In light of this reality, agentless solutions have emerged as the tool of choice for BYOD security.

Agentless cloud access security brokers (CASBs) can govern access to data and monitor for threats like malware without requiring software to be installed on users’ personal devices.

This is immensely beneficial in the fight against cryptojacking.

Typically the cryptojacking threat does not cause obvious, catastrophic damage to the enterprise.

Like a parasite, it prefers that its host is kept alive.

However, cryptojacking is still a noteworthy consumer of enterprise resources.

As such, organisations must protect themselves through a mixture of security training, vigilance, and appropriate technology solutions.

In this way, they can significantly reduce the likelihood of cryptojacking impacting on their operations.

Story image
Why DX is not complete without a transformed security architecture
Secure Access Services Edge (SASE) is the process by which core WAN edge capabilities like SD-WAN, routing, and WAN optimisation at branch locations are integrated with cloud-based security services like secure web gateways, firewall-as-a-service, cloud access security brokers, and more.More
Story image
Gartner recognises Pulse Secure for Zero Trust Network Access solution
In the market guide, Gartner states that ZTNA augments traditional VPN technologies for application access, and removes the excessive trust once required to allow employees and partners to connect and collaborate. More
Story image
Okta, CrowdStrike, Netskope and Proofpoint create shared zero trust security strategy
Okta, CrowdStrike, Netskope and Proofpoint have joined forces to develop and launch an integrated, zero trust security strategy, stating that this is crucial for today’s digital and remote working environments.More
Story image
Radware extends cloud protection, adds multi-cloud support
It has also improved its attack detection engine to detect cloud native attack vectors and added a new attack simulation tool.More
Story image
Common misconceptions about smart homes and biometrics
The real cause of most attacks is not biometrics itself, but the storage of biometrics data in a centralised database.More
Story image
Cyber attacks keeping business leaders up at night, new research finds
Data breaches and insider threats are keeping organisations up at night, according to new research from KnowBe4, the security awareness training and simulated phishing platform.More