Maksim Kabakou - Fotolia
Security Think Tank: User vigilance key to cryptojacking defence
How can organisations best defend against cryptojacking?
Companies need to defend against all types of malware – not just cryptojacking programs. However, they can be quite difficult to detect.
They don’t do anything malicious other than sit there in the background and borrow your computer’s processor and memory.
Furthermore, they tend to do this when your computer is running idle, when you’re not sat down doing anything. So they’re quite clever little things really, which took security researchers some time to pick up.
As with defending against any type of malware, user vigilance is key. These things are propagated by phishing emails and typically use zero day vulnerabilities to infiltrate your systems.
This is where criminals are always one step ahead of the game and know how to find a way into your computer – a way security researches haven’t quite yet picked up on.
Education is by far the most effective approach. Teach your users how to spot phishing emails, teach them not to visit untrusted websites that download malware in the background, and try to instil common sense into your user base so they don’t get up to any mischief.
It is unlikely you will ever find out if you are being “targeted” by cryptojackers, as their aim is to stay well under the radar. However, that’s not to say you can’t detect this software. It needs to “dial home” at some point and send findings back to base. You should be looking for internet activity that doesn’t correspond to a user’s daily tasks.
Read more from Computer Weekly’s Security Think Tank about cryptojacking
- Use awareness, education and controls to halt cryptojacking.
- Organisations must pay attention to cyber criminals hijacking computing resources to mine cryptocurrencies, because nearly half are affected and the impact is greater than many realise.
For example, a single HTTPS connection sent to a web server with nothing on it. Even more so if a user is not sat at their desks. Focus on defining what is normal behaviour, then erratic stuff like cryptojacking or botnet malware is quite easy to find.
In addition to an appropriate suite of anti-malware products, make sure you are also monitoring audit logs and internet traffic, and learn to spot the signs of what malware is and what it does.