Cyber Security Today, August 11, 2021 – How not to be victimized by cryptojacking

Welcome to Cyber Security Today. It’s Wednesday August 11th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.


Cybercrooks are still trying to secretly infect corporate computers, personal computers and smartphones to mine for cryptocurrency. So-called cryptojacking has been going on for years. It ebbs and flows as the value of cryptocurrencies rises and falls. According to an April report by Palo Alto Networks’ Unit 42 threat intelligence service, cryptojacking may be dropping. For the five months ending in February, only 17 per cent of organizations with cloud infrastructure showed signs of cryptojacking activity, it said. That compares to 23 per cent for the three months ending in September 2020. It was the first recorded drop since Unit 42 began tracking cryptojacking trends in 2018. FireEye thinks the drop is likely because organizations are doing a better job of protecting themselves.

In an interview, Dave Masson, the Canada-based director of enterprise security for Darktrace, said cryptojacking has become a bigger threat to organizations since employees began working from home. Many home computers aren’t protected as well as corporate computers from cyber attacks.

What crooks want is to leverage as much computing power as they can to mine for cryptocurrencies. So rather than buy lots of computers and chain them together for huge amounts of processing power, they steal computing cycles by infecting internet-connected devices. Victims may notice something’s wrong if their machines run slower than normal. However, crooks are getting wise to this and try to make their malware run as conservatively as possible.

It’s not just outsiders doing this, Masson told me. One of the cleverest scams Darktrace has seen involved an employee who hid 12 servers running mining software under the raised floor of their company’s data centre. In another case the employee had a bunch of internet-connected servers hidden in a company warehouse.

Signs of cryptojacking include devices that run slower or hotter than normal, and increases in electric bills.

What can you and your organization do to prevent being victimized? First, patch your software as soon as security updates are available. Mining software takes advantage of vulnerabilities in Windows, Linux, Android and other operating systems. Keep your browsers up to date, because cryptojacking can be done through browsers. And regularly check to see that the code of websites hasn’t been compromised.

Typically cryptojacking malware is spread through infected email attachments, which means everyone has to be aware of the risks of clicking on links in emails and texts.

Managers need to warn employees that using corporate devices for cryptomining can damage equipment.

IT departments need to have rigorous patch management procedures. They should also watch for signs of unusual CPU use. Security company Varonis notes that if there’s an increase in CPU usage when users are on a website with little or no media content, it’s a sign that cryptomining scripts may be running.

That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
