We are experiencing the age of the “digital gold rush”. Cryptocurrency discussions are dominating conversations everywhere, and we all know someone invested in some sort of crypto if we aren’t ourselves. Cryptocurrencies derive their value in part from the limit on the number of coins that can be created. The potential return on cryptocurrencies makes cryptomining (the creation of cryptocurrencies) highly attractive. This mining “consumes significant CPU resources and can severely impact system performance and power consumption” (Chromium Blog). The new cryptocurrency trend has brought to light a new network threat: illicit cryptomining, in which outside users infiltrate victims’ networks to use their computing resources.
According to Cisco Talos threat research, law enforcement is focusing more on ransomware attacks, which is leading adversaries to look for alternate ways to monetize their criminal activity and is increasing their use of illicit cryptomining, or cryptojacking. Since cryptomining is a CPU-intensive process, cryptojacking can adversely affect industrial control systems, cause degraded performance, and negatively affect the user experience.
Attackers are infecting systems by any means they can. The most common infection methods and techniques we are currently seeing are:
Emails with malicious attachments
Compromised websites that inject code by exploiting browser plug-in vulnerabilities
Compromised trusted system processes running modified code
Cryptomining applications using encrypted communications
Active exploitation of vulnerabilities in server-based applications
Leveraging vulnerabilities in technologies like Adobe Flash to deliver cryptominers via exploit kits
Because of the various methods of infection and the wide range of targets, there is no single method of protection that can address every possibility. No one is immune to cryptojacking. In February, some of Tesla’s Amazon Web Services cloud infrastructure was found to be running mining malware (Stephanie Chan, Cisco).
To prevent cryptomining malware from infecting your network, it’s important to be proactive about your security approach. A few proactive steps you can take to help secure your network from cryptojacking malware are:
Monitor your resource usage when visiting a given website for indications of cryptojacking on that site using Task Manager for Windows or Activity Monitor for Mac OS X
Enable a browser extension such as “No Coin” (available on Google Chrome and Firefox)
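The resource-monitoring step above can be automated. The following is an added example, not code from the original post: it flags processes whose CPU use stays high for a sustained period, which separates the steady load typical of mining from short page-load spikes. The process names, sample values, 80% threshold and 20-second window are all constructed assumptions.

```python
from collections import defaultdict

# Constructed CPU readings (percent), one every 5 seconds per process.
# Real readings would come from a periodic process listing.
CPU = {
    "browser-tab-A": [12, 91, 94, 96, 93, 95, 92],  # stays high after page load
    "browser-tab-B": [8, 85, 10, 9, 88, 7, 8],      # isolated spikes only
    "video-encode":  [90, 92, 95, 15, 10, 9, 8],    # short burst, then idle
}
SAMPLES = [(i * 5, name, float(v))
           for name, vals in CPU.items() for i, v in enumerate(vals)]


def sustained_high_cpu(samples, threshold=80.0, min_seconds=20):
    """Return {process: longest high-CPU run in seconds} for every process
    that stayed at or above `threshold` for at least `min_seconds`
    without dropping below it."""
    by_proc = defaultdict(list)
    for ts, name, cpu in samples:
        by_proc[name].append((ts, cpu))

    flagged = {}
    for name, series in by_proc.items():
        series.sort()              # order readings by timestamp
        run_start = None           # start time of the current high-CPU run
        longest = 0
        for ts, cpu in series:
            if cpu >= threshold:
                if run_start is None:
                    run_start = ts
                longest = max(longest, ts - run_start)
            else:
                run_start = None   # run broken; a single spike does not count
        if longest >= min_seconds:
            flagged[name] = longest
    return flagged


if __name__ == "__main__":
    for proc, seconds in sustained_high_cpu(SAMPLES).items():
        print(f"{proc}: CPU >= 80% for {seconds}s, check the site open in it")
```

A flagged process is an indication to investigate, not proof of mining; legitimate workloads such as video encoding can also hold the CPU high for long periods.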
As cryptomining continues to grow in popularity, security leaders such as Cisco are making updates to their security portfolios to help protect customers from malicious cryptojacking malware. Cisco Umbrella has created a new Cryptomining security category that is dedicated to keeping your environment protected from unwanted cryptomining activities. Umbrella users can enable this new setting for both existing and new policies.
Cisco has also updated its AMP for Endpoints security platform email services to protect users from cryptomining, ransomware, and fileless malware attacks. Cisco has also released a new cloud application, Cisco Visibility, which is built into the endpoint console and simplifies and accelerates security investigations. Cisco Visibility combines threat intelligence from Cisco Talos, Cisco Umbrella Investigate, Threat Grid, AMP, and third parties to help reduce remediation times.
If you would like to learn more about how to protect your network from cryptojacking, or are concerned your network may be infected, reach out to our team to discuss potential security and remediation solutions.
Written By: Eden Reid, LookingPoint Marketing Manager