Welcome to Cyber Security Today. It’s Wednesday August 11th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Cybercrooks are still trying to secretly infect corporate computers, personal computers and smartphones to mine for cryptocurrency. So-called cryptojacking has been going on for years. It ebbs and flows as the value of cryptocurrencies rises and falls. According to an April report by Palo Alto Networks’ Unit 42 threat intelligence service, cryptojacking may be dropping. For the five months ending in February, only 17 per cent of organizations with cloud infrastructure showed signs of cryptojacking activity, it said. That compares to 23 per cent for the three months ending in September 2020. It was the first recorded drop since Unit 42 began tracking cryptojacking trends in 2018. FireEye thinks the drop is likely because organizations are doing a better job of protecting themselves.
In an interview, Dave Masson, the Canada-based director of enterprise security for Darktrace, said cryptojacking has become a bigger threat to organizations since employees began working from home. Many home computers aren’t protected as well as corporate computers from cyber attacks.
What crooks want is to leverage as much computing power as they can to mine for cryptocurrencies. So rather than buy lots of computers and chain them together for huge amounts of processing power, they steal computing cycles by infecting internet-connected devices. Victims may notice something’s wrong if their machines run slower than normal. However, crooks are getting wise to this and try to make their malware run as conservatively as possible.
It’s not just outsiders doing this, Masson told me. One of the cleverest scams Darktrace has seen involved an employee who hid 12 servers running mining software under the raised floor of their company’s data centre. In another case the employee had a bunch of internet-connected servers hidden in a company warehouse.
Signs of cryptojacking include devices that run slower than normal or hotter than normal, and increases in electric bills.
What can you and your organization do to prevent being victimized? First, patch your software as soon as security updates are available. Mining software takes advantage of vulnerabilities in Windows, Linux, Android and other operating systems. Keep your browsers up to date, because cryptojacking can be done through browsers. And regularly check that the code of websites hasn’t been compromised.
Typically cryptojacking malware is spread through infected email attachments, which means everyone has to be aware of the risks of clicking on links in emails and texts.
Managers need to warn employees that using corporate devices for cryptomining can damage equipment.
IT departments need to have rigorous patch management procedures. They should also watch for signs of unusual CPU use. Security company Varonis notes that if there’s an increase in CPU usage when users are on a website with little or no media content, it’s a sign that cryptomining scripts may be running.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.