Cryptojacking is proof of big security problem, report warns CISOs

Infosec pros know there are any number of signs that despite best efforts an organization’s network security may have been penetrated. According to a new report from the Cyber Threat Alliance, one in particular should set off alarm bells: The presence on any computer of cryptomining software.

“Mining is the canary in the coal mine,” the CTA says in a white paper released Wednesday, “warning you of much larger problems ahead. CTA members recount case after case of being called in to an incident response for a mining infection and finding signs of multiple threat actors in the network.”

“The presence of illicit cryptocurrency mining within an enterprise is indicative of additional flaws in cybersecurity posture that must be addressed. Most illicit mining takes advantage of lapses in cyber hygiene or slow patch management cycles to gain a foothold and spread within a network. If miners can gain access to use the processing power of your networks, then you can be assured that more sophisticated actors may already have access.”

Cryptomining uses the computing power of devices to solve mathematical problems built by creators of digital currencies for free distribution of coin: Solve a problem, using the number-crunching power of a computer, get free coin. The attraction to criminals is obvious. Hence, cryptojacking: The surreptitious installation of software on other people’s computers, websites and even smart phones.

There’s been a tremendous rise of cryptojacking in the past year. In a report released this week, Europol, the European police co-operative, noted that some security vendors say that in the latter part of 2017 cryptomining overshadowed almost all other malware threats.

Evidence on corporate devices of cryptomining software is also prime evidence of a patching problem, says the CTA whitepaper, as criminals use known exploits to plant their malware. The proof? A patch for the Windows exploit called EternalBlue has been available for 18 months, yet the report says there are still “countless organizations” being victimized to set up mining malware. This vulnerability can also be used by an attacker to move laterally across a network.

In addition to siphoning off corporate computer power and increasing inefficiency, mining software also runs the risk of damaging CPUs/GPUs by maxing out their power. Some malware disables a computer’s sleep and hibernation modes to maximize mining time. These are tell-tale signs of cryptomining. Criminals have caught on, says the report, so more advanced actors configure their mining software to only use 20 per cent of the machine’s CPU, or stop mining when a user moves a mouse.

The report includes a number of recommendations infosec pros can use to fight cryptojacking, including identifying known good traffic and using machine learning or other artificial intelligence technologies to identify non-typical behaviors and provide baselining for legitimate network traffic; watching for abnormal power consumption and CPU activity; and checking system privilege policies and granting administrative privileges only to personnel for whom performing administrative functions is essential.
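The sketch below is an added example, not code from the CTA report or this article. It shows why watching CPU activity against a per-host baseline matters once miners throttle themselves to about 20 per cent: a fixed "CPU pegged" alert stays silent, while a sustained departure from the host's own off-hours history stands out. The hostnames, sample readings and thresholds (`FIXED_ALERT_PCT`, `k`, `min_fraction`) are all constructed assumptions.

```python
from statistics import median

FIXED_ALERT_PCT = 90.0   # assumed naive "CPU pegged" alert level

def robust_baseline(samples):
    """Median and MAD (median absolute deviation) of historical CPU %."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, max(mad, 1.0)   # floor avoids a zero-width baseline

def sustained_deviation(history, recent, k=5.0, min_fraction=0.9):
    """True when nearly all recent samples sit well above the host's own baseline."""
    med, mad = robust_baseline(history)
    limit = med + k * mad
    above = sum(1 for s in recent if s > limit)
    return above / len(recent) >= min_fraction

def fixed_threshold(recent):
    """Naive check: alerts only if any sample reaches the fixed level."""
    return any(s >= FIXED_ALERT_PCT for s in recent)

def triage(hosts):
    """Return {host: (fixed_alert, baseline_alert)} for each host."""
    return {name: (fixed_threshold(d["recent"]),
                   sustained_deviation(d["history"], d["recent"]))
            for name, d in hosts.items()}

# Constructed sample data: off-hours CPU % per 5-minute interval.
SAMPLE_HOSTS = {
    # Idle workstation, then a steady ~20% plateau (throttled miner pattern).
    "ws-finance-07": {"history": [2, 3, 2, 4, 3, 2, 5, 3, 2, 3, 4, 2],
                      "recent":  [19, 21, 20, 20, 22, 19, 20, 21]},
    # Build server: bursty by nature, recent window looks like its history.
    "build-01":      {"history": [5, 60, 8, 75, 6, 55, 9, 70, 7, 65, 5, 58],
                      "recent":  [6, 62, 9, 71, 5, 57, 8, 66]},
    # Idle host with a short one-off spike (e.g. a scheduled scan).
    "ws-hr-02":      {"history": [2, 3, 2, 4, 3, 2, 5, 3, 2, 3, 4, 2],
                      "recent":  [3, 2, 45, 3, 2, 4, 3, 2]},
}

if __name__ == "__main__":
    for host, (fixed, baseline) in triage(SAMPLE_HOSTS).items():
        print(f"{host:15} fixed={fixed!s:5} baseline={baseline}")
```

Only the workstation with the flat 20 per cent plateau is flagged; the bursty build server and the one-off spike are not, because the comparison is against each host's own history and requires the deviation to be sustained.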

“Fortunately,” says the report, “defending against illicit cryptocurrency mining does not require specialized security software or radical changes in behavior. Instead, individuals and organizations can employ well-known cybersecurity practices to counter this threat.”

The Cyber Threat Alliance is made up of a number of security vendors including Cisco Systems, McAfee, Fortinet, Palo Alto Networks and others.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
