By Kieran Frost, Research Manager, IDC South Africa
Cryptomining attacks (commonly known as ‘cryptojacking’) are among the most prevalent threats organisations currently face, having grown by 8,500% in 2017 according to Symantec.
Cryptojacking is when a device is unwittingly used to mine cryptocurrency, with the proceeds deposited into a wallet designated by the threat actor. Threat actors often use a cryptocurrency such as Monero, whose focus on privacy makes tracing the funds nearly impossible.
The appeal of this attack is clear: it is nearly invisible, and every infected device generates revenue. It is nearly invisible because it simply consumes compute power (and some more sophisticated variants execute only when the device is idle, or hold CPU usage below a threshold low enough to evade detection). This means that from the moment of infection the device is generating revenue. So cryptojacking has a higher success rate than ransomware and is more difficult to detect, and both of these make it the more appealing of the two attack vectors.
So how do organisations protect against these types of attacks? To arrange our defence, let’s first understand how these attacks occur. Attackers generally use one of two methods: infecting a device with mining malware, commonly delivered through phishing, or injecting mining scripts into websites so that visitors’ browsers mine for as long as the page is open.
As both methods are employed by attackers, our defence should respond to both.
- Start with your employees. Because phishing is at the core of many attacks, begin by training your staff to identify phishing attempts and to respond accordingly. Ensure that your IT support staff can recognise cryptojacking so that compromised devices are detected early: when users complain of performance issues, or of fans spinning at abnormally high rates, have them investigate.
- Ensure that your employees’ browsers run anti-cryptomining extensions, and make running them mandatory. Many variants are available on the market; research each and settle on a standard. Similarly, ensure that you have visibility into the extensions your employees run, so that you can enforce this policy and remove any malicious extensions.
- Ensure your anti-virus solution is up to date and able to detect cryptojacking attempts. Similarly, ensure that your network monitoring can detect devices that may have been compromised.
- Utilise a mobile device management suite so that you can extend your protection to your users’ mobile devices.
- Finally, and perhaps most importantly, ensure that your own websites are not compromised. There have been several high-profile examples of high-traffic websites being compromised with cryptojacking code. The reputational costs (as well as the costs to your customers) are high.
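The last point is the one a site owner can check mechanically. The following is an added example, not code from the article or from IDC: it audits the HTML a site serves and flags any script loaded from a host outside the owner’s allowlist, plus any inline script whose hash is not in a known-good set, which is how an injected mining script would show up. The hostnames, the allowlist and the sample page are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}  # assumed own/CDN hosts
# Constructed sample page: own script, allowed CDN script, injected loader, injected inline.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://miner.example.invalid/loader.js"></script>
<script>window.__injected = true;</script>
</head><body></body></html>"""

class ScriptCollector(HTMLParser):
    # Collects external script URLs and inline script bodies from served HTML.
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_inline = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag != "script": return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:  # inline script: open a new body to accumulate text into
            self._in_inline = True
            self.inline.append("")
    def handle_data(self, data):
        if self._in_inline: self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script": self._in_inline = False

def inline_digest(body):
    """SHA-256 of a whitespace-trimmed inline script; the allowlist key."""
    return hashlib.sha256(body.strip().encode()).hexdigest()

def audit_page(html, allowed_hosts=ALLOWED_HOSTS, known_inline=frozenset()):
    """Flag scripts from hosts outside the allowlist and unknown inline scripts."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).hostname
        if host is not None and host not in allowed_hosts:  # None = own origin
            findings.append(("external", src))
    for body in collector.inline:
        digest = inline_digest(body)
        if digest not in known_inline:
            findings.append(("inline", digest))
    return findings
```

Run it against pages fetched from your own site on a schedule and alert on any non-empty result; the known-good inline digests are taken from a trusted deployment.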
While no strategy is foolproof in stopping these attacks, this defence-in-depth approach will help most companies ensure their protection.