INTELLIGENTCIO
EDITOR'S QUESTION

Crypto-mining attacks (commonly known as 'cryptojacking') are among the most prevalent threats organisations currently face, rising by 8,500% in 2017 according to Symantec. Cryptojacking is when a device is unwittingly used to mine cryptocurrency, depositing the currency into a wallet designated by the threat actor. Often, threat actors will use a cryptocurrency like Monero, whose privacy features make the proceeds very hard to trace.

The appeal of this attack is clear: these attacks are nearly invisible, and every infected device generates revenue. They are nearly invisible because they simply use compute power (and some more sophisticated variants will only execute when the device is not in use, or only push the CPU to a threshold low enough to evade detection). This means that from the moment of infection, the device is generating revenue. So cryptojacking has a higher success rate than ransomware and is more difficult to detect; both of these make it the more appealing of the two attack vectors.

So how do organisations protect against these types of attacks? In order to arrange our defence, let's first understand how these attacks occur.
Unsurprisingly, email phishing attacks remain one of the more common ports of entry. Emails will direct users to malicious websites, or ask users to open attachments, containing the cryptojacking payload. The other major method of attack uses JavaScript to execute code that causes the browser to mine cryptocurrency. Nothing is installed on the device; the user simply needs to visit the page for the mining to begin. This method is known as in-browser cryptojacking.

As both methods are employed by attackers, our defence should respond to both.
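Whichever way the miner arrives, it has to talk to a mining pool, and that conversation is almost always Stratum, a line-oriented JSON-RPC protocol. The following is an added example (my code, not the article's): it scans constructed sample flows for Stratum method names, share-submission fields and well-known miner user agents. The hosts, ports and the WALLET_ADDRESS string are placeholders, not real indicators.

```python
"""Flag Stratum-style mining traffic in captured payloads.

Added example (not from the article): the flows below are constructed
samples, not a real capture, and the hosts are placeholders.
"""
import json
from dataclasses import dataclass

# Method names of the two common Stratum dialects: the Bitcoin-style
# "mining.*" family and the JSON-RPC login/getjob/submit family that
# Monero miners such as xmrig speak to their pools.
STRATUM_METHODS = {
    "mining.subscribe", "mining.authorize", "mining.submit",
    "mining.notify", "mining.set_difficulty",
    "login", "getjob", "submit", "keepalived",
}
# Substrings of well-known miner user-agent strings (lower-cased).
MINER_AGENTS = ("xmrig", "cpuminer", "xmr-stak", "minerd")
# Fields that only appear when a miner submits a share to the pool.
SHARE_FIELDS = {"job_id", "nonce", "result"}


@dataclass
class Flow:
    src: str       # internal host that sent the payload
    dst: str       # destination host
    dport: int     # destination port
    payload: str   # first application-layer message, as captured


def classify(flow):
    """Return the reasons this flow looks like mining traffic ([] if none)."""
    reasons = []
    try:
        msg = json.loads(flow.payload)
    except ValueError:
        return reasons          # Stratum is always JSON; skip anything else
    if not isinstance(msg, dict):
        return reasons
    method = msg.get("method")
    if method in STRATUM_METHODS:
        reasons.append(f"stratum method {method!r}")
    params = msg.get("params")
    # Browser miners often send {"type": "submit", ...} instead of "method";
    # "type" alone is too generic, so require the share fields as well.
    if isinstance(params, dict) and SHARE_FIELDS.issubset(params):
        reasons.append("share submission fields present")
    agent_text = json.dumps(params).lower() if params is not None else ""
    for agent in MINER_AGENTS:
        if agent in agent_text:
            reasons.append(f"miner user agent {agent!r}")
            break
    return reasons


def scan(flows):
    """Group flagged flows by internal source host: {src: [(dst:port, reasons)]}."""
    report = {}
    for flow in flows:
        reasons = classify(flow)
        if reasons:
            report.setdefault(flow.src, []).append(
                (f"{flow.dst}:{flow.dport}", reasons))
    return report


# Constructed sample flows: two installed miners, one browser miner, two benign.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "pool.example.net", 3333,
         '{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.0"]}'),
    Flow("10.0.0.5", "pool.example.net", 3333,
         '{"id":2,"method":"mining.submit","params":["worker1","job42","00000000","5a1b2c3d","deadbeef"]}'),
    Flow("10.0.0.9", "203.0.113.10", 443,
         '{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_ADDRESS","pass":"x","agent":"XMRig/2.14.1"}}'),
    Flow("10.0.0.12", "203.0.113.20", 80,
         '{"type":"submit","params":{"job_id":"a9f","nonce":"0000f1e2","result":"0a0b0c0d"}}'),
    Flow("10.0.0.7", "api.example.com", 443,
         '{"id":7,"method":"ping","params":{}}'),
    Flow("10.0.0.7", "www.example.com", 80, "GET /index.html HTTP/1.1"),
]

if __name__ == "__main__":
    for host, hits in scan(SAMPLE_FLOWS).items():
        for dest, reasons in hits:
            print(f"{host} -> {dest}: {', '.join(reasons)}")
```

Treat this as one signal rather than a complete detector: when the pool connection is wrapped in TLS, or a browser miner uses a WebSocket over HTTPS, the payload is not visible and the check has to fall back to destination reputation and to the long-lived, regularly chatty connection pattern that share submission produces.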
1. Start with your employees. Because phishing is at the core of many attacks, begin by training your staff to identify phishing attempts and to respond accordingly. Ensure that your IT support staff can recognise cryptojacking so that compromised devices are detected early: when users complain of performance issues, or of fans spinning at abnormally high rates, get them to investigate rather than dismiss the report.
2. Ensure that your employees' browsers run anti-cryptomining extensions, and make running them mandatory. There are many variants available on the market; research each and settle on a standard. Similarly, ensure that you have visibility into the extensions your employees run, both so that you can enforce this policy and so that you can remove any malicious extensions.
3. Ensure your anti-virus solution is up to date and able to detect cryptojacking attempts. Similarly, ensure that your network monitoring detects devices that may have been compromised: a miner must keep a connection to a mining pool open to receive work and submit results, and that traffic is visible on the network even when the mining itself is hidden on the device.
4. Utilise a mobile device management suite
so that you can extend your protection
into your users’ mobile devices.
5. Finally, and perhaps most importantly, ensure that your own websites are not compromised. There have been several high-profile examples of high-traffic websites being compromised with cryptojacking code, often by way of a third-party script the site loads rather than the site's own code. The reputational costs (as well as the costs to your customers) are high.
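For point 5, one concrete control is Subresource Integrity (SRI): pin the hash of every external script your pages load so the browser refuses to run a modified copy, and periodically audit the pinned hashes against what the CDN currently serves. The example below is added here and is not the article's code; the page fragments, the widget script, the CDN contents, the fetch stub and the `startMiner` call appended by the imaginary attacker are all constructed for illustration.

```python
"""Audit a page's <script> tags for Subresource Integrity (SRI).

Added example (not from the article): the page fragments, the widget script
and the 'tampered' copy served by the CDN are all constructed inline.
"""
import base64
import hashlib
import re

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
ATTRIBUTE = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')
SRI_ALGOS = ("sha256", "sha384", "sha512")


def sri_hash(body, algo="sha384"):
    """Compute the value that belongs in an integrity="" attribute."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def integrity_matches(integrity, body):
    """An integrity attribute may list several hashes; any match is enough."""
    for token in integrity.split():
        algo = token.split("-", 1)[0]
        if algo in SRI_ALGOS and token == sri_hash(body, algo):
            return True
    return False


def script_tags(html):
    """Yield the attribute dict of every <script> tag that has a src."""
    for match in SCRIPT_TAG.finditer(html):
        attrs = dict(ATTRIBUTE.findall(match.group(1)))
        if "src" in attrs:
            yield attrs


def audit(html, fetch):
    """Check each external script against what the server currently serves.

    fetch(src) -> bytes stands in for an HTTP client. Returns a list of
    (src, status, hash_of_served_content) so a changed script can be
    reviewed and, if legitimate, re-pinned.
    """
    findings = []
    for attrs in script_tags(html):
        src = attrs["src"]
        served = fetch(src)
        integrity = attrs.get("integrity")
        if not integrity:
            status = "missing-integrity"
        elif not integrity_matches(integrity, served):
            status = "mismatch"
        else:
            status = "ok"
        findings.append((src, status, sri_hash(served)))
    return findings


# Constructed sample: the script we reviewed and pinned, and the copy the CDN
# serves after an attacker appended a hypothetical miner loader to it.
ORIGINAL_WIDGET = b"window.widget = function () { /* accessibility widget */ };\n"
TAMPERED_WIDGET = ORIGINAL_WIDGET + b"startMiner('wss://pool.example/ws');\n"
CDN_CONTENT = {
    "https://cdn.example/widget.js": TAMPERED_WIDGET,
    "/static/app.js": b"console.log('app');\n",
}


def fake_fetch(src):
    """Stand-in for fetching the script over the network."""
    return CDN_CONTENT[src]


# Weak: whatever the CDN serves today runs in every visitor's browser.
WEAK_PAGE = '<script src="https://cdn.example/widget.js"></script>'

# Hardened: the browser refuses to execute the script unless its hash matches;
# crossorigin="anonymous" is required for SRI on cross-origin resources.
HARDENED_PAGE = (
    f'<script src="https://cdn.example/widget.js" '
    f'integrity="{sri_hash(ORIGINAL_WIDGET)}" crossorigin="anonymous"></script>\n'
    f'<script src="/static/app.js" '
    f'integrity="{sri_hash(CDN_CONTENT["/static/app.js"])}"></script>'
)

if __name__ == "__main__":
    for page_name, page in (("weak", WEAK_PAGE), ("hardened", HARDENED_PAGE)):
        for src, status, served_hash in audit(page, fake_fetch):
            print(f"{page_name}: {src} {status} (served: {served_hash})")
```

A legitimate upstream update shows up as a mismatch too; that is the point, since someone then reviews the new version before re-pinning it. SRI only covers scripts loaded by `src`, so it does nothing for mining code injected directly into your own HTML; for that, a Content-Security-Policy `script-src` with nonces plus change monitoring of your own deployments is the complementary control.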
While no strategy is foolproof in stopping these attacks, this defence-in-depth approach will assist most companies in ensuring their protection.
www.intelligentcio.com