 |
March 08, 2018, 05:30:08 AM |
|
What is cryptojacking?
- Cryptojacking is defined as the secret use of your computing device to mine cryptocurrency.
- Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to
click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript
code that auto-executes once loaded in the victim’s browser.
How cryptojacking works
-Hackers have two primary ways to get a victim’s computer to secretly mine cryptocurrencies. One is to trick victims into loading
cryptomining code onto their computers. This is done through phishing-like tactics: Victims receive a legitimate-looking email that
encourages them to click on a link. The link runs code that places the cryptomining script on the computer. The script then runs in the
background as the victim works.
The other method is to inject a script on a website or an ad that is delivered to multiple websites. Once victims visit the website or the
Infected ad pops up in their browsers, the script automatically executes. No code is stored on the victims’ computers. Whichever method is
used, the code runs complex mathematical problems on the victims’ computers and sends the results to a server that the hacker controls.
Hackers often will use both methods to maximize their return. “Attacks use old malware tricks to deliver more reliable and persistent
software [to the victims’ computers] as a fall back,” says Vaystikh. For example, of 100 devices mining cryptocurrencies for a hacker, 10
percent might be generating income from code on the victims’ machines, while 90 percent do so through their web browsers.
Unlike most other types of malware, cryptojacking scripts do no damage to computers or victims’ data. They do steal CPU processing
resources. For individual users, slower computer performance might be just an annoyance. Organization with many cryptojacked systems
can incur real costs in terms of help desk and IT time spent tracking down performance issues and replacing components or systems in the
hope of solving the problem.
How to detect cryptojacking
-Like ransomware, cryptojacking can affect your organization despite your best efforts to stop it. Detecting it can be difficult, especially if
only a few systems are compromised. Don’t count on your existing endpoint protection tools to stop cryptojacking. “Crypto mining code
can hide from signature-based detection tools,” says Laliberte. “Desktop antivirus tools won’t see them.” Here’s what will work:
Train your help desk to look for signs of crypto mining. Sometimes the first indication is a spike in help desk complaints about slow
computer performance, says SecBI’s Vaystikh. That should raise a red flag to investigate further.
Other signals help desk should look for might be overheating systems, which could cause CPU or cooling fan failures, says Laliberte. “Heat
[from excessive CPU usage] causes damage and can reduce the lifecycle of devices,” he says. This is especially true of thin mobile devices
like tablets and smartphones.
Deploy a network monitoring solution. Vaystikh believes cryptojacking is easier to detect in a corporate network than it is at home because
most consumer end-point solutions do not detect it. Cryptojacking is easy to detect via network monitoring solutions, and most corporate
organizations have network monitoring tools.
However, few organizations with network motoring tools and data have the tools and capabilities to analyze that information for accurate
detection. SecBI, for example, develops an artificial intelligence solution to analyze network data and detect cryptojacking and other
specific threats.
Laliberte agrees that network monitoring is your best bet to detect cryptomining activity. “Network perimeter monitoring that reviews all
web traffic has a better chance of detecting cryptominers,” he says. Many monitoring solutions drill down that activity to individual users so
you can identify which devices are affected.
How to prevent cryptojacking
-Incorporate the cryptojacking threat into your security awareness training, focusing on phishing-type attempts to load scripts onto users’
computers. “Training will help protect you when technical solutions might fail,” says Laliberte. He believes phishing will continue to be the
primary method to deliver malware of all types.
Employee training won’t help with auto-executing cryptojacking from visiting legitimate websites. “Training is less effective for
cryptojacking because you can’t tell users which websites not to go to,” says Vaystikh.
-Install an ad-blocking or anti-cryptomining extension on web browsers. Since cryptojacking scripts are often delivered through web ads,
installing an ad blocker can be an effective means of stopping them. Some ad blockers like Ad Blocker Plus have some capability to detect
crypto mining scripts. Laliberte recommends extensions like No Coin and MinerBlock, which are designed to detect and block cryptomining
scripts.
Keep your web filtering tools up to date. If you identify a web page that is delivering cryptojacking scripts, make sure your users are
blocked from accessing it again.
Maintain browser extensions. Some attackers are using malicious browser extensions or poisoning legitimate extensions to execute crypto
mining scripts.
-Use a mobile device management (MDM) solution to better control what’s on users’ devices. Bring-your-own-device (BYOD) policies
present a challenge to preventing illicit cryptomining. “MDM can go a long way to keep BYOD safer,” says Laliberte. An MDM solution can
help manage apps and extensions on users’ devices. MDM solutions tend to be geared toward larger enterprises, and smaller companies
often can’t afford them. However, Laliberte notes that mobile devices are not as at risk as desktop computers and servers. Because they
tend to have less processing power, they are not as lucrative for the hackers.......... from different sources
if you like this post then send merit.. Thank you...
|
