Is your business being targeted by cryptojackers?

Thanks in no small part to Tesla CEO Elon Musk, Bitcoin, Dogecoin and other cryptocurrencies have become much more widely known, but not necessarily understood.

Recent booms and burst bubbles have exposed how volatile, speculative and easy to manipulate those cryptocurrencies are, not to mention the environmental concerns attached to how they are mined. Nevertheless, cryptocurrency mining can be hard to resist when there is potential for massive payouts to successful miners. To try and gain an edge, miners have formed blockchain mining farms and invested in high-end computing systems.

But with opportunity comes risk -- in this case, in the form of sophisticated cyber criminals gaining unauthorized access to personal and company computers.

Increasing threat of cryptojacking

It was only a matter of time. The large rewards from successfully mining cryptocurrencies have the full attention of criminals, who use computer systems to illegally mine for cryptocurrencies unbeknownst to the people, businesses and organizations that own them.

According to Threatpost, cryptocurrency-mining malware called WatchDog was found in February 2021 to have been running under the radar on at least 476 Windows and Linux devices for more than two years. Researchers called it one of the largest and longest-lasting cryptojacking attacks of its kind to date.

Case in point: in many instances of cryptojacking the victims are completely unaware their systems are being exploited.

And the effects can be damaging: slowdowns in the performance of computers, reduction in the lifespan of devices, irreparable damage to hardware, and significant increases in energy bills.

All in all, cryptojacking represents yet another concern that IT departments across the world need to be on the lookout for.

Cryptojacking -- the warning signs

There are three common methods of cryptojacking that IT teams need to be aware of.

The first is to load code directly onto a computer when the victim clicks on a malicious link. After the computer is infected, the cryptojacker quietly hides in the background and mines cryptocurrency.

The second is to embed a piece of JavaScript code into a web page and perform cryptocurrency mining on machines that visit the page. This is known as 'drive-by cryptomining'. Victims are completely unaware their computer is being used to mine cryptocurrency because the code uses only enough system resources to remain undetected.

The last is to use common exploits to infect servers or multiple machines, giving the attackers access to much larger CPU resources for cryptomining than ordinary desktop PCs provide. This is what happened with the supercomputers in Europe.

How exposed is your IT?

The success of cryptojacking is dependent on evading detection for as long as possible, and the rise of remote working during Covid-19 has widened the target for cyberattackers. IT assets no longer reside purely within a secure office network. They are now frequently moved between the office network and less secure home networks and back again.

Employees may also be using their own, less secure, devices to access the office network from home, which opens up another attack surface for cybercriminals.

Devices are more exposed to cyberthreats outside the corporate network perimeter, and not only can they become infected while they are outside the office network, they can also be used as a trojan horse to spread those infections across the corporate network if correct security measures are not in place.

Remote working and cryptojacking -- the perfect storm

The surge in remote working and the value of cryptocurrencies represent a perfect storm for opportunists.

Although the growth in remote tools and third-party apps such as Teams, Slack and Zoom has helped maintain productivity, these tools are also linked to internal systems, providing access to their data, not to mention increasing the likelihood of employees being tricked by fake, malicious meeting invitations.

The other side of the remote working challenge is employees using their professional and personal computers and other devices for work purposes, widening the risk area and adding to the already increasing vulnerability of these devices. Lack of comprehensive network security solutions, and even basic firewall and malware protection, is eating away at organizations with remote workforces.

The challenge for organizations, businesses and users begins with detection, as you can’t protect what you can’t see.

Businesses leaving the door wide open

Being able to visualize and analyze devices on a network, either home or work, will help to detect any malicious code and repel cryptojacking attacks, as well as address the broader vulnerabilities, such as malware and phishing, created by dispersed workforces and devices.

Most organizations will have a list of IT assets and feel confident they have secured their devices. But even with this list, they can find themselves vulnerable because while the front door is locked and bolted, the garage door is wide open.

To address these concerns, IT departments need effective IT asset management with the right tools to build a clear, complete picture of devices on a network. This allows them to create a complete inventory of all devices on the network, including Windows, Linux and Mac devices, printers, routers and switches.

The scanned devices are then automatically sorted into categories based on their device type. This makes locating devices and checking their configuration quick and extremely easy. IT departments can sort devices by IP or find a specific one through a filtered search.
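The gap between the asset list an organization keeps and what is actually on its network can be checked by reconciling the two. The following is an added example, not code from the article or from any asset management product; the register entries, scan records and field names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: the asset register IT believes is complete.
ASSET_REGISTER = [
    {"mac": "00:1A:2B:3C:4D:5E", "owner": "finance", "type": "windows"},
    {"mac": "00-1a-2b-3c-4d-5f", "owner": "it", "type": "linux"},
    {"mac": "001a.2b3c.4d60", "owner": "office", "type": "printer"},
]

# Constructed sample data: what a network scan actually found.
SCAN_RESULTS = [
    {"ip": "10.0.0.12", "mac": "00:1a:2b:3c:4d:5e", "type": "windows"},
    {"ip": "10.0.0.100", "mac": "00:1A:2B:3C:4D:5F", "type": "linux"},
    {"ip": "10.0.0.9", "mac": "00:1a:2b:3c:4d:60", "type": "printer"},
    {"ip": "10.0.0.20", "mac": "de:ad:be:ef:00:01", "type": "linux"},
    {"ip": "10.0.0.3", "mac": "DE-AD-BE-EF-00-02", "type": "router"},
]

def normalize_mac(mac):
    """Reduce colon, dash and dotted MAC notations to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def reconcile(register, scan):
    """Return (unregistered device IPs grouped by type, register entries not seen)."""
    known = {normalize_mac(a["mac"]): a for a in register}
    seen = set()
    unregistered = defaultdict(list)
    # Sort numerically so 10.0.0.9 precedes 10.0.0.100 (a string sort would not).
    for dev in sorted(scan, key=lambda d: ipaddress.ip_address(d["ip"])):
        mac = normalize_mac(dev["mac"])
        seen.add(mac)
        if mac not in known:
            unregistered[dev["type"]].append(dev["ip"])
    missing = [a for m, a in known.items() if m not in seen]
    return dict(unregistered), missing

if __name__ == "__main__":
    unregistered, missing = reconcile(ASSET_REGISTER, SCAN_RESULTS)
    for dev_type, ips in sorted(unregistered.items()):
        print(f"unregistered {dev_type}: {', '.join(ips)}")
    print(f"registered but not seen: {len(missing)}")
```

Devices that appear in the scan but not in the register are the ones to investigate first; register entries that no scan sees are worth checking too.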

It is time for IT leaders to regain control and visibility of their IT infrastructure, and not live in fear of being left vulnerable to cryptojacking and other nefarious cyberattacks. Having detailed insight into their IT infrastructure should provide them with stronger capabilities to defend themselves against future threats and attacks.

There are plenty of criminals seeking to mine cryptocurrency to try and get rich quick, but with effective IT asset management policies it won’t be at the expense of the business.

Maarten Saeys is Chief Product Officer (CPO) at Lansweeper, an IT Asset Management software provider.
