25 Sep Cryptojacking
Cryptojacking is when a cybercriminal steals computing resources without a user's knowledge and then uses those resources to mine digital currency and make substantial profits at the user's expense. Since almost any computer, server, router or even mobile device can be used for cryptojacking, the targets are quite diverse:
This attack can use phishing, or mining programs embedded in legitimate applications or emails, to trick users into installing malware. After infection, your computer may noticeably slow down, but fortunately most anti-virus software can effectively identify and prevent such attacks.
The growing use of mobile phones for more and more everyday activities is making mobile devices the new darling for cryptojacking malware. Mobile device computing power is quickly approaching that of standard computers, so attackers are using the advances in mobility as a new cryptojacking platform. Malware may be delivered via the mobile browser or it can also arrive via a mobile application that the user unwittingly installs on his device. Both types of infection are very hard to identify and will substantially reduce the battery life of the infected mobile device.
IoT device security has long been ignored by enterprises and users, but IoT devices are becoming an emerging target for hackers. Malware can lurk for a long time and can be used to launch DDoS attacks or as a free mining source as well. In August of 2018 hackers compromised more than 280,000 MikroTik routers across Brazil. The routers were injected with a modified version of CoinHive (https://coinhive.com/) that enabled the infected routers to mine Monero cryptocurrency. This type of crypto mining is technically not illegal, so users must stay vigilant to ensure they are not infected and unknowingly providing free mining resources to attackers. If infected, your IoT device will consume more power and may be unable to function properly if the device's computing resources are overloaded. Many of these attacks exploit known vulnerabilities in the IoT device, so it is important to update firmware on a regular basis to prevent them.
A server infected with cryptojacking malware may not only become a free ATM for hackers but can also be an accomplice in spreading malware to server users. When a hacker uses a server for mining, the enterprise may easily detect the abnormality due to the slow response of the server. However, when the server is only used as a platform for spreading the mining malware, it is much harder for an enterprise to detect that the server has been hijacked. Because the server's resource consumption is limited, it is hard for an enterprise to be aware that it has become a host distributing the mining malware.
Cryptojacking has already had a great impact on enterprises and users. However, according to a recent survey, more than 70% of the respondents, most of whom are CISOs, have said that they still do not understand the methods and hazards of cryptojacking. Most enterprises believe that cryptojacking is an endpoint security issue and that anti-virus software can prevent such threats. However, cryptojacking malware may lurk for a long time in connected IoT devices that are outside of the immediate control of common IT protection methods. As more and more IoT devices are connected to the enterprise network, the threat landscape expands and becomes much more difficult to manage from a centralized network approach.
“To prevent an enterprise from becoming an accomplice in the cryptojacking and malware ecosystem, we must start with the protection of the server and expand protection to the IoT devices as well,” said Lin Yumin, CTO of ForceShield. Most devices with mining malware are infected through a connected server, and then become free cryptocurrency miners or malware bots, affecting the reputation of enterprises. To keep the enterprise's computing resources from falling victim to profit-driven cryptojacking, both the network servers and IoT devices must be protected, and a more holistic approach to network security must be undertaken.
ForceShield provides ‘always on’ ‘zero day’ protection of both IoT devices and web servers and provides a complete solution for securing the enterprise network. Contact us at firstname.lastname@example.org to learn how we can help you to secure your network and IoT devices against cyber-attacks and prevent cryptojacking.