Nov 05 2021

Cryptojacking Is On the Rise. Here’s How Enterprises Can Protect Themselves

Security leaders who think malicious cryptomining is no big deal are wrong. It costs a fortune, degrades devices and reduces productivity.

Cryptocurrency is in the news. This secure virtual currency allows online payments without requiring the services of a bank. Its value fluctuates wildly but has risen steadily: One Bitcoin was worth $196 in October 2013, but by September 2021 its value had had risen to more than $47,000.

Cryptomining is a method of creating new cryptocurrency by solving a very complex puzzle to verify the legitimacy of a cryptocurrency transaction, ensuring that the same crypto coin has not been spent in more than one place. It can be quite lucrative, given that more than 300,000 transactions occur each day, and all must be verified. The first miner to successfully verify a new block of verified transactions is rewarded with 6.25 Bitcoins.

Legitimate cryptocurrency miners invest huge sums in specialized equipment with the immense computing power required to solve the puzzle. Cybercriminals avoid the investment, instead stealing computing power from others in a process known as cryptojacking or malicious cryptomining. Let’s examine some of the facts and fallacies about cryptomining in the enterprise.

Fallacy: Cryptojacking Only Happens to Home Computers

For several years, it was believed that only home computers and personal devices were targets for cryptojackers. They would generally gain access to the devices via phishing attacks, then inject malicious code that would mine in the background. Criminals soon realized that it would be easy to target enterprise environments rich with high-powered systems: servers, endpoints and poorly secured Internet of Things devices.

Click the banner below and receive exclusive security content when you become an Insider.

Fact: Cryptomining Is a Threat to the Enterprise

Cryptomining hit enterprises hard s­tarting in 2018, and the danger ­continues today.

Cisco reported that in 2020, almost 70 percent of its customers were victims of cryptomining software, resulting in massive amounts of malicious DNS traffic and significant productivity impacts.

In March 2021, a major attack on Microsoft Exchange Server affected more than 30,000 U.S. organizations.

With the price of cryptocurrency so high, it’s no wonder cybercriminals seek large pools of available computing power to carry out their work, and enterprises are often easy targets.

Spear-phishing attacks that target an organization and entice users to click on links in legitimate-looking emails or websites with malicious scripts that download code to the endpoint are easy ways for cryptomining code to enter the enterprise. Perhaps a more common way is to find vulnerable s­oftware or misconfigured servers or Docker daemons.

Remote hackers can exploit those weaknesses to gain full control over systems and perform mining operations. They are also opportunistic: When the price of cryptocurrency drops, they are well positioned on the endpoint or the network, ready to shift to other types of attacks and potentially exfiltrating sensitive data.

MORE ON CRYPTOCURRENY: How nonprofits can take advantage of the trend.

Fallacy: Cryptomining Costs the Organization Little

Cryptomining doesn’t shut down business operations, request a ransom for encrypted data or otherwise cause visible damage to an organization. Nevertheless, it brings severe consequences: It can cause an increase in power bills, drive up overall costs and reduce the life of hardware. Cryptomining can drain the enterprise’s processing power, resulting in slowdowns or even shutdowns with accompanying impacts to customers. In extreme cases, there may even be physical damage to devices such as wires and transformers.

Fact: Cryptomining Code Is Hard to Detect

Cryptomining is stealthy. Because cryptomining is designed to operate in the background, malware scanners often overlook these attacks. However, there are ways for the enterprise to detect the presence of cryptomining. Network monitoring tools can reveal increased, unexpected CPU usage that could lead to endpoint failure. Security information and event management tools can be configured to detect changes in the network, servers and endpoints, and endpoint protection products can often detect and isolate cryptojacking code. Also, because the results of calculations must be sent outside the network, increased DNS activity could be a signal that something is wrong.

Fallacy: Ransomware Is the Greater Cause for Concern

Ransomware gets lots of attention in the media, but such attacks are actually on the decline, according to a McAfee report released this year.

REGISTER: Learn more about the infrastructures that support security in the weekly CDW Tech Talk Series. Click the banner below to register.

Cryptomining, conversely, is starting to take off. Bad actors see it as an attractive way to make quick money, with less risk than ransomware and for a low cost of entry. Cryptomining kits are available on the dark web for less than $50. In ­addition, it requires little technical skill, and the payoff can be much bigger than with other approaches, since 80 percent of companies do not pay a ransom when attacked.

Fact: Companies Can Take Steps to Protect Themselves

The steps necessary to avoid cryptomining are aimed at the primary ways in which unwanted code enters the organization.

Security awareness training reduces the incidence of users falling for phishing attacks or ­visiting dangerous ­websites. Organizations should also deploy tools that give them visibility into IoT devices and c­ontainers to understand abnormal baseline usage, as well as a rigorous patching program to eliminate common vulnerabilities. One of the strongest protections is a zero-trust security framework that includes multifactor authentication throughout the enterprise. Zero trust assumes that each component of the network — user, device and application — is potentially compromised. Segmenting the network and compartmentalizing sensitive data allows the organization to grant access only by exception. Cryptomining scripts would not be allowed to operate.

Cryptomining is not going away soon. Security hygiene and monitoring for abnormal activity can go a long way toward protecting your organization. Stay on top of next-generation security tools and processes to strengthen your e­ndpoints, servers, containers — and especially your users. 

maxrlx/Getty Images