Maksim Kabakou - Fotolia

Security Think Tank: Use good practice to address cryptojacking risk

How can organisations best defend against cryptojacking?

A new piece of cryptocurrency is made each time a complex mathematical problem is solved using computing energy.

Currencies can be legitimately mined in this way – but this mining activity is also increasingly attracting fraudulent behaviour.

This means cryptojacking is all about volume; the more processing power available to the person mining, the more likely it is they will stumble across the “solution”, and therefore solve the current block in the blockchain.

In theory, this makes datacentres and server farms that have huge processing power the main targets for such attacks.

However, there is an argument that, rather than one “big hit”, it may be easier to attack several smaller companies who may have less sophisticated defences, which yield less per hack, but offer more opportunities.

Cryptojacking can take the form of phishing tactics that encourage users to click on a link that leads to a cryptomining script running on their computer while they work. Or, ads can be infected with scripts that automatically run once someone visits a website running that ad.

Cryptojacking should therefore be regarded as another type of hack, along the lines of a denial of service or direct fraud; the actual risk to companies is largely the same.

It should also be considered that, because cryptojacking does not require complex technical skills, as its attraction grows, many attacks may be fairly simple.

Putting basic security measures in place may block the majority of hacks in the same way a traditional burglar alarm on a house may encourage would-be intruders to pick an alternative easier target. (It may also explain why items such as internet-connected toasters, TVs and fridges are at risk of hacking!)

1. Prevent

As such, the same defensive measures, which amount to general good cyber security measures, should be applied. These include the following preventative initiatives:

Cyber awareness training: Like other cyber threats, education is key, and it is better to be preventative. General cyber awareness will help reduce the likelihood of machines being hijacked. Users should also be encouraged to report the telltale sign of computer performance issues, for example.

Patching: Regular patching and upgrades of both the network-level and individual device security software will help to minimise the exposure to this threat axis.

Threat detection: Enterprise threat detection solutions can help to identify when the networks are being attacked and, depending on the solutions, provide real-time alerting and investigative follow-up to address the issues.

Browsing restrictions: Blacklists and whitelists for browsing can be useful, along with activities such as restricting JavaScripts and using anti-cryptomining browser extensions.

2. Monitor

As well as seeking to reduce the likelihood of the attack in the first place, it is also important to monitor for impacts of such an attack.

Hardware performance monitoring: Working with system administrators – whether internal or third-party – to monitor the performance of IT assets is key. Having first established a baseline for how the hardware should be functioning, any suspicious loads, such as an increase in the percentage of central processing unit power being used, power drain and an increase in temperature, can be flagged. These indicate that system resources may have been hijacked, and need to be quickly identified and addressed – ideally via automated tools and alerts.

To reiterate, cryptojacking should be regarded as another risk to the organisation. Good business practice that dictates IT security is a critical consideration will go a long way to preventing it.

Read more on Hackers and cybercrime prevention

Data Center
Data Management