A number of threat researchers are now reporting a massive and sustained spike of almost 500% in the volume of illicit cryptocurrency mining transactions on corporate networks. Trend Micro is hypothesizing that crypto mining could quickly rise to become “the new ransomware,” citing that cryptocurrency mining was the most detected network event on devices connected to home routers in 2017. Similarly, global cloud security provider Zscaler has blocked over 2.5 billion cryptocurrency mining attacks in just the past six months.
The driver behind this emerging threat is the sharply increased value of alternative digital currencies. These cryptocurrencies, such as Bitcoin, rely on a decentralized exchange medium that works using a blockchain. The recent rise in popularity of cryptocurrencies such as Bitcoin and other “altcoins” has led, no surprise, to the wider availability of “hacker-friendly” cryptomining malware, such as the popular Rarog Trojan.
Professional services and marketing websites are now among the website categories most prone to cryptojacking, which illustrates how deeply hackers have already penetrated corporate networks. Case in point: cyber criminals have reportedly been targeting the open-source Magento eCommerce platform to infect shoppers’ systems with various malware and/or perform browser-based crypto-mining. Another target of massive brute-force attacks by crypto-miners is WordPress websites.
The Business Risks of Cryptomining Malware
What does nefarious cryptomining activity behind your firewall mean for your company’s cyber security? The major concerns are:
- Increased CPU utilization, leading to higher power consumption and utility costs along with increased wear and tear on hardware.
- Increased utilization of company network bandwidth, reducing the performance of legitimate applications and services and impacting user experience.
- The potential for malware to spread from your systems to infect customers and partners.
- Potential deployment of ransomware and other malware on infected systems.
What’s the leading InfoSec vulnerability enabling illicit crypto-mining? You guessed it: unpatched systems, especially Windows servers. Like most other malware, crypto-mining malware exploits known vulnerabilities for which patches are available, and often leverages known malware exploits like the NSA’s EternalBlue (of WannaCry fame).
How Can You Reduce Your Risks?
With attacks raining down harder by the day, every organization and individual needs to be on guard against cybercriminal cryptocurrency mining. Like ransomware and other malware, these threats are part of the constantly evolving risk landscape your company faces.
This issue underscores once again the need to “get the basics right.” To block cryptojackers, the key steps are:
- Get a handle on patch management,
- Don’t use unsupported software,
- Connect only essential systems to the Internet, and
- Educate users about threats.
To talk with an expert about best practices to keep your business safe from cryptocurrency mining malware, ransomware and other omnipresent threats, contact Pivot Point Security.
For more information:
- Technical guidance on crypto-mining attack details
- How to check whether your PC/laptop is doing somebody else’s crypto-mining
- How patch management could prevent a data breach lawsuit