Arley Brogiato, Sales Director, SonicWall Latin America, explains the risk of cryptojacking in the region.
Like a pest that silently gnaws at corporate IT, cryptojacking does damage that goes unnoticed, unconfronted and unresolved. The term combines ‘crypto’, from cryptocurrencies, and ‘jacking’, which refers to something used illegally.
Cryptojacking actions invade smartphones, laptops, desktops, servers and even IoT device networks to serve as a processing base for mining virtual currencies. Unlike ransomware attacks, in which the exhibitionism of digital gangs is part of a terror strategy, cryptojacking takes place quietly and is difficult to identify and block.
The spread of cryptocurrencies around the world is leading digital gangs to gamble more and more on this type of invasive attack. Criminals do not want to use their own processing power and their own electricity supply, one of the biggest costs of the cryptojacking activity, for the costly mining of cryptocurrencies.
The SonicWall Threat Report revealed that in the first half of 2021, cryptojacking had grown by 23% worldwide compared to the same period in 2020. SonicWall security experts mapped 51.1 million attacks between January and June 2021.
Illicit money laundering and cryptomining: Two sides of the same coin
In Latin America, the outlook is challenging. The lack of a more widespread and legally grounded culture of cybersecurity makes Latin America a place where criminals around the world seek to launder illicit money.
A study carried out in February 2021 by the global security consultancy Insights shows that cryptojacking is used by digital gangs and ‘traditional’ criminals to launder the proceeds of crime.
The same study shows that 97% of money laundering actions through illegal mining of cryptocurrencies, via cryptojacking, culminate in converting the ‘clean’ cryptocurrency into regular currencies (dollars, pesos, reais, euros). According to the report, Latin America is the favorite region of cybercriminal groups since it is easier to operate in than other world regions.
Where there is crime, there is illegal mining of crypto coins. Where there is illegal mining of crypto coins, there are computers suffering from cryptojacking hacks.
The cost of electricity encourages criminals
The cost of the electricity consumed in this criminal operation is high. According to a study carried out by the European research institute Joule, in 2018, around 60% of the legal operating costs of crypto mining come from electricity consumption. Add to this the need to have access to a great deal of data processing power and it is clear why cryptojacking is increasing.
The preferred target of this type of crime is an organization with many endpoints (desktops, laptops, servers) connected on the same network. The goal is to infect, with the utmost discretion, as many machines as possible. Keep in mind that cryptojackers use the same hacking techniques that are seen in ransomware: downloads of spurious and contaminated files, phishing campaigns that today even target social networks, and structural vulnerabilities in company systems.
Anyone who suspects that their computer is under the control of a cryptojacker should check indicators such as deterioration of endpoint and network performance, an increase in the temperature of the machine and signs that the CPU is under heavier load than would be expected.
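The indicators above can be checked together across a fleet. The following is an added example, not part of the original article: it flags endpoints whose CPU load and temperature both stay above their own baseline for several consecutive samples. Host names, readings and thresholds are constructed assumptions.

```python
from statistics import mean

# Constructed telemetry: per-endpoint (cpu_percent, temp_celsius) samples,
# one per minute. The first BASELINE_N samples are the known-good baseline.
SAMPLES = {
    "desk-01": [(12, 48), (15, 49), (10, 47), (14, 48), (95, 71), (97, 74), (96, 75), (98, 76), (97, 77)],
    "desk-02": [(20, 50), (18, 49), (22, 51), (19, 50), (85, 60), (21, 51), (23, 50), (20, 50), (19, 49)],
    "srv-01": [(40, 55), (42, 56), (41, 55), (43, 56), (44, 56), (42, 55), (45, 57), (43, 56), (41, 55)],
}

BASELINE_N = 4    # samples used to learn the "expected" load (assumption)
CPU_MARGIN = 40   # percentage points above baseline counted as abnormal (assumption)
TEMP_MARGIN = 10  # degrees C above baseline counted as abnormal (assumption)
MIN_RUN = 3       # consecutive abnormal samples required, so short bursts are ignored


def longest_run(flags):
    """Length of the longest streak of True values."""
    best = cur = 0
    for f in flags:
        cur = cur + 1 if f else 0
        best = max(best, cur)
    return best


def assess(samples):
    """Report whether CPU and temperature stay above baseline for MIN_RUN samples."""
    if len(samples) <= BASELINE_N:
        raise ValueError("need more samples than the baseline window")
    base, recent = samples[:BASELINE_N], samples[BASELINE_N:]
    cpu_base = mean(c for c, _ in base)
    temp_base = mean(t for _, t in base)
    cpu_run = longest_run([c > cpu_base + CPU_MARGIN for c, _ in recent])
    temp_run = longest_run([t > temp_base + TEMP_MARGIN for _, t in recent])
    return {
        "cpu_sustained": cpu_run >= MIN_RUN,
        "temp_sustained": temp_run >= MIN_RUN,
        "suspect": cpu_run >= MIN_RUN and temp_run >= MIN_RUN,
    }


def suspects(fleet):
    """Names of endpoints where both indicators persist together."""
    return sorted(h for h, s in fleet.items() if assess(s)["suspect"])


if __name__ == "__main__":
    for host in SAMPLES:
        print(host, assess(SAMPLES[host]))
```

Comparing each machine against its own baseline keeps a busy server (srv-01) and a one-minute spike (desk-02) from being flagged.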
Pandemic and the home office increase vulnerability
The pandemic aided the action of cryptojackers. The home office has become the new perimeter of the corporate network, multiplying vulnerabilities and helping intrusions focused on cryptojacking.
The endpoint that suffers such an attack becomes a permanently affected machine, which cannot be recovered. The main target is always the graphics card, and secondly, the motherboard. The device that undergoes cryptojacking is a lost machine, intensifying the economic losses caused by this type of breach.
Other damages can arise from the attacks launched by criminal gangs that, in the beginning, only sought to carry out cryptojacking. Once inside the company’s expanded network, it is possible to move on to other types of criminal actions.
What to do to face this threat?
There are two battlefronts in this war: the use of firewalls to protect the entire company network, and the adoption of solutions that defend the device used by the end user. Next Generation Firewalls, solutions with advanced Sandbox features, can block up to 99% of cryptojacking attempts.
There is, however, the possibility that 1% of these intrusions use strategies that are not identified by the firewall. In this case, it is essential to employ firewalls with advanced features, capable of checking the hardware itself, chips and cards, in order to prevent cryptojacking from reaching the machine language of the network elements.
Endpoint: battlefield against cryptojacking
And finally, in the case of computers used by company employees, including those teleworking, the main strategy is to rely on the protection resources of tailored solutions for the defense of endpoints. These new security platforms are ‘clientless’. They do not have components installed on the endpoint, which preserves the performance of that computer, and they protect the computer through very sophisticated behavioral analysis.
This intelligence effectively identifies cryptojacking attempts, preventing the invasion from occurring. When a computer is suspected of being contaminated by cryptojacking, the solution is to quarantine that computer, preventing the malware from spreading through the network.
The new world created by the pandemic turned the personal computer into a mini data center where the most critical business processes take place. Anyone who adds endpoint and network protection to best practices in cybersecurity will achieve that target.