Cryptojacking involves secretly stealing the processing power from a computing device to mine cryptocurrencies. Whilst originally confined to victims unwittingly installing a cryptocurrency mining program on their machines, attacks have now expanded to in-browser cryptojacking that simply involves inserting a few lines of code into a browser plug-in.
This now makes it quicker and simpler to carry out and much harder to detect unless security teams are aware of the indicators and mechanisms of compromise.
With such a small payload, it is easy to infect multiple websites at the same time, making it an attractive weapon for cyber criminals. The UK alone has seen a 1,200% increase in cryptojacking attacks from just last October to this January.
Despite the upward trajectory of attacks, it is possible to defend against them. Below I’ve listed six steps for securing your organisation against cryptojacking:
1. Disable Java in browsers
Cryptojacking can be accomplished with a few lines of Java code hidden on a website. Every time an individual visits a corrupted website, the browser can be infected and JavaScript automatically run to start cryptocurrency mining.
Enforcing a policy of not allowing Java to run, while creating a whitelist of approved websites that employees can access, will significantly reduce the chances of your organisation becoming a victim of cryptojacking.
2. Look out for the tell-tale signs
Cryptojacking runs a program that steals processing power. This could be running on the company server, or employee laptops and smartphones. If you notice a device running slower than usual or consistently overheating then you should investigate what’s running in the background. If you find something unusual such as a rogue .exe file then it could be a mining component which you can then simply uninstall.
A server that’s been compromised might experience delays in accessing network locations or suffer frequent crashing. However, many cryptojacking attacks are covert enough to target only unused CPU, so the effects can go unnoticed. You should therefore investigate the server to see if it’s communicating with any unknown IP addresses.
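The two checks described above can be combined in a short triage script. This is an added example, not part of the original article: the telemetry rows, process names, CPU threshold and approved networks are all constructed assumptions. It shows why the network check matters, since a throttled miner never trips the CPU rule.

```python
import ipaddress
from collections import defaultdict

# Assumed allowlist of networks this server is expected to talk to.
APPROVED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
CPU_THRESHOLD = 80.0  # percent; assumed tuning value
MIN_STREAK = 3        # consecutive samples at or above the threshold

# Constructed telemetry, one row per process per minute:
# (minute, process, cpu_percent, remote_ip or None)
SAMPLES = [
    (0, "backup", 92.0, "10.0.0.12"), (1, "backup", 95.0, "10.0.0.12"),
    (2, "backup", 90.0, "10.0.0.12"), (3, "backup", 91.0, "10.0.0.12"),
    (0, "helper.exe", 18.0, "203.0.113.50"), (1, "helper.exe", 22.0, "203.0.113.50"),
    (2, "helper.exe", 20.0, "203.0.113.50"), (3, "helper.exe", 19.0, "203.0.113.50"),
    (0, "sshd", 1.0, "192.0.2.10"), (1, "sshd", 1.5, "192.0.2.10"),
    (0, "nginx", 12.0, None), (1, "nginx", 85.0, None), (2, "nginx", 10.0, None),
]

def is_unknown(ip):
    """True if the remote address is outside every approved network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in APPROVED_NETS)

def triage(samples):
    """Return {process: sorted reasons} for processes worth investigating."""
    streak = defaultdict(int)
    reasons = defaultdict(set)
    for _, proc, cpu, remote in sorted(samples, key=lambda s: s[0]):
        # Count consecutive busy samples; a single spike resets to zero.
        streak[proc] = streak[proc] + 1 if cpu >= CPU_THRESHOLD else 0
        if streak[proc] >= MIN_STREAK:
            reasons[proc].add("sustained_cpu")
        # A quiet process is still suspicious if it talks to an unknown host.
        if remote and is_unknown(remote):
            reasons[proc].add("unknown_remote:" + remote)
    return {p: sorted(r) for p, r in reasons.items()}

if __name__ == "__main__":
    for proc, why in triage(SAMPLES).items():
        print(proc, why)
```

A `sustained_cpu` hit on its own is only a prompt to check what the process is, since legitimate jobs such as the backup here also produce it.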
3. Look for anomalous programs
Using an anomaly detector, you can find unexpected items or events which do not conform to your network’s usual activity, such as the installation and running of an unknown program. There are plenty of anomaly detectors out there, many of which are now automated or utilise machine learning for greater accuracy. If you think your system is being used for cryptocurrency mining, running an anomaly detector is a good way to investigate.
4. Ensure your antivirus software is up to date
To reduce the likelihood of your organisation being exposed to cryptojacking (and other cyber threats) you should ensure all machines are installed with the latest updates from your antivirus provider. As there is no silver bullet when it comes to security technology, having a suite of security solutions will vastly enhance your security posture.
5. Stay on top of computer hygiene
Patching is probably the best antidote to cryptojacking attacks. In January 2018, cyber criminals exploited unpatched Oracle WebLogic Servers to mine the cryptocurrency Monero, despite a patch being available from October 2017.
Patching often takes a back seat, despite the fact that unpatched software is one of the top causes of cyber-attacks. With this in mind, creating a risk model with a regular patching cycle for applications, browsers and operating systems will significantly reduce the threat and incidence of infection by cryptojacking software.
6. Employee engagement
As with every cyber threat, ongoing training and cyber awareness programmes that educate employees on the latest attacks, such as cryptojacking, and the signs they should look out for are crucial. These will help engender a culture of constant vigilance and reporting suspected cryptojacking incidents in the same way that they would report a spam email.