sb-nz logo
Story image

How to avoid becoming a cryptojacking victim - Bitglass

14 May 2019
Contributor
Share:

Article by Bitglass CTO Anurag Kahol

Fifty percent of organisations have malware in at least one of their cloud applications according to a report published by Bitglass. 

Cloud cryptojacking has become the biggest cybersecurity threat facing businesses, especially enterprise-level organisations. 

What is cryptojacking?

The term ‘cryptojacking’ refers to the unauthorised use of a third party’s computing resources to mine cryptocurrency. 

Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum, so it is unsurprising that hackers are targeting vulnerable data centres to help them boost their capabilities.

Cloud-based resources, and in particular infrastructure-as-a-service (IaaS) platforms, are main targets for this activity as they offer virtually infinite resources and tremendous processing power, as well as an environment where attackers can largely go undetected. 

The methodology used to obtain the right accesses for cryptojacking are not dissimilar to other cyber threats like ransomware. 

Often it will be via phishing emails that load cryptomining code, or via a website that has been infected with a specific JavaScript code that will auto-execute when loaded. 

This particular method often goes undetected by the victim for a long time as it runs silently in the background.

The most often cited case of cryptojacking took place in 2018 when Tesla fell victim to an attack. 

The automotive company discovered that some of its Amazon Web Services (AWS)  infrastructure was being appropriated for mining. 

The attack had been concealed from conventional firewalls and intruder detection systems as the cybercriminals had hidden the IP addresses of their mining programs behind a content delivery network; they had also throttled the mining software to ensure that it did not trigger high-usage-detection systems.

Here are five tips to secure infrastructure against cryptojacking:

1. Employee awareness
Employees are every organisation’s first line of defence, so make sure they are equipped with the right tools and training to be an effective part of the security strategy. 
Employees that are well versed in the company’s cybersecurity policies are less likely to fall victim to an attack. 
Teach them what to look for and what to avoid - focus on the threat of phishing attacks. 

2. Deploy the extensions
As mentioned earlier, one method cybercriminals use is to lace websites with auto-executing cryptojacking scripts. 
All employees should deploy ad-blocking and anti-cryptomining extensions on web browsers to avoid downloading this type of code from websites. 

3. Passwords and multi-factor authentication (MFA)
MFA and strong passwords should be in place for all cloud apps and IT assets. 
The attackers who compromised Tesla’s environment went through an administration console that was not password protected. 
Passwords should, as a minimum, include a mixture of alphanumeric credentials, and enforcing multi-factor authentication are must-haves for ensuring the protection of sensitive enterprise assets. 

4. Updates are not an option
Patches and software updates are regularly released by all security vendors – these are not optional.
Promptly install them to ensure endpoints and cloud-based tools have their security gaps filled, protecting them from the latest threats.  

5. Securing personal devices  
With BYOD becoming more common among businesses, securing personal devices is a must. 
This is most effectively achieved through an agentless solution, as tools like mobile device management (MDM) can harm device functionality, invade user privacy, and, consequently, prove incredibly difficult to deploy on employees’ personal devices.

Related stories:
BYOD security in remote work era still riddled with issues
Bitglass deepens integration with MFA vendor Duo Security
Arrow to distribute SecureAuth identity security
Months on, many organisations still don't have secure remote access - report
Bitglass & CrowdStrike develop agentless ATP defender
Interview: Yubico A/NZ vice president on passwords in the modern world
Dig deeper:
Story image
Just 6,000 accounts responsible for over 100,000 email attacks - report
Barracuda has today released a report detailing how 6,170 malicious accounts that use Gmail, AOL, and other email services were responsible for more than 100,000 business email compromise (BEC) attacks on nearly 6,600 organisations. More
Download image
Telling the difference between genuine & malicious users on your network
Multifactor authentication can help to secure VPN access – and it’s as simple as 1, 2, 3. More
Story image
Tanium and Google Cloud bring greater security to distributed IT
“This joint solution with Chronicle gives Tanium customers access to massively scalable analytics and investigation capabilities far beyond that of other endpoint detection and response point tools."More
Story image
Huawei all-flash arrays scoop 'Recommended' rating from DCIG
The DCIG guide has recognised Huawei’s OceanStor Dorado V6 and OceanStor F V5 series, which have both achieved ‘Recommended’ ratings. More
Story image
Fortinet reports total revenue of $615.5 million
Strong demand for secure SD-WAN and work-from-home capabilities helped power 18% second quarter revenue growth. More
Story image
Attivo named by Gartner as Sample Vendor for deception platforms
The company was named as an example of platforms that create false artifacts to aid threat detection in Gartner’s 2020 Security Ops Hype Cycle report.More
Story image
Just 6,000 accounts responsible for over 100,000 email attacks - report
Barracuda has today released a report detailing how 6,170 malicious accounts that use Gmail, AOL, and other email services were responsible for more than 100,000 business email compromise (BEC) attacks on nearly 6,600 organisations. More
Download image
Telling the difference between genuine & malicious users on your network
Multifactor authentication can help to secure VPN access – and it’s as simple as 1, 2, 3. More
Story image
Tanium and Google Cloud bring greater security to distributed IT
“This joint solution with Chronicle gives Tanium customers access to massively scalable analytics and investigation capabilities far beyond that of other endpoint detection and response point tools."More
Story image
Huawei all-flash arrays scoop 'Recommended' rating from DCIG
The DCIG guide has recognised Huawei’s OceanStor Dorado V6 and OceanStor F V5 series, which have both achieved ‘Recommended’ ratings. More
Story image
Fortinet reports total revenue of $615.5 million
Strong demand for secure SD-WAN and work-from-home capabilities helped power 18% second quarter revenue growth. More
Story image
Attivo named by Gartner as Sample Vendor for deception platforms
The company was named as an example of platforms that create false artifacts to aid threat detection in Gartner’s 2020 Security Ops Hype Cycle report.More
Link image
Nine developer enablement practices to achieve DevOps at enterprise scale
Senior software engineering leader with experience at multiple Fortune 500 companies shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More
Download image
The three essentials of authentication, according to RSA
Pervasiveness, connectivity, and continuity: Without them, you may as well leave your organisation's front door wide open.More
Story image
10 billion records sit in unsecured databases - China leads the pack
A white hat hacker hacker uncovered a total of 9517 unsecured databases worldwide, collectively containing more than 10 billion entries.More
Story image
Q&A: Barracuda VP on how SD-WAN can aid in public cloud adoption
Techday caught up with Barracuda RVP of public cloud & strategic alliances Chris Hill to discuss why SD-WAN is fast becoming the launch pad into the cloud.More
Link image
How virtualisation has overhauled traditional HSM
Hardware security modules (HSMs) have undergone a drastic change since the inception of cloud computing. Here's how virtual HSMs can boost growth and security, compared with their predecessor.More
Story image
Internet outages drastically increased during COVID-19 lockdowns, report finds
Global internet disruptions increased 63% in March, with internet service providers hit the hardest. This is according to the 2020 Internet Performance Report from ThousandEyes, the internet and cloud intelligence company.More
Link image
The dos and don'ts of protecting a remote workforce
This exclusive monthly webcast series explores all of the possible security pitfalls of working remotely, and the best solutions to use to avoid falling victim to them.More
Story image
Data breaches costing companies millions - could incident response help?
On average, data breaches cost companies $3.86 million per breach, with compromised employee accounts the most expensive root cause.More
Story image
WatchGuard releases two new enterprise-grade APs
The AP225W for multi-dwelling unit deployment and the AP327X for harsh outdoor environments.More
Story image
Forescout and Arista Networks embark on new Zero Trust security partnership venture
Forescout and Arista Networks have come together to deliver Zero Trust security and greater device visibility and enforcement across heterogeneous networks.More
Story image
AWS launches fully-managed fraud detection service
Businesses lose billions of dollars to online fraud every year, however businesses respond by investing in cumbersome fraud management solutions that often rely on hand-coded rules and are difficult to keep up to date.More
Story image
Video: 10 Minute IT Jams – Who is Claroty?
Its focus is on simplifying OT availability, reliability, and safety for a more secure working environment – without requiring downtime or dedicated teams.More
Download image
Why there's a huge push for NFV in today's enterprises
To help networking and IT professionals better understand the opportunities and challenges associated with deploying NFV technology, new research based on responses from more than 1,300 IT and networking professionals from around the world is now available. More
Link image
A new SASE approach with teeth
Harness firewalling, web content inspection, malware scanning, URL filtering and more with a converged SASE approach - and ensure attackers are consistently stopped in their tracks.More
Story image
Slack unveils new security features as remote working skyrockets
Slack has introduced new security features, integrations and certifications to its platform in response to growing security concerns as more people work remotely.More
Story image
80% of security breaches involve exposure of customer data - IBM
The new report from IBM indicates that 80% of surveyed organisations reported having exposed customers’ personally identifiable information (PII) as a result of a breach.More
Story image
CrowdStrike announces two executive hires, with aim to expand in A/NZ
The endpoint protection company says both executives will be responsible for boosting customer experience (CX) while delivering success mutually with CrowdStrike’s partner team as part of their new roles.More
Story image
Cyber-attacks thrust IT compliance to the top of the business agenda
If an organisation is running on the cloud, its ecosystem has to be compliant with industry standards and frameworks. Here are some tips on how to ensure compliance processes are fit for purpose.More
Story image
Beware of these six L7 DDoS attacks
As more services are migrating online, DDoS attacks are increasingly shifting away from the network layer, and into the application layer, writes Radware product marketing manager Eyal Arazi.More
Story image
Malware attacks abusing machine identities grew eightfold over the last 10 years - report
"Machine identity capabilities have become commoditised and are being added to off-the-shelf malware, making it more sophisticated and harder to detect."More
Story image
Fortinet's Secure SD-WAN - empowering remote workforces
Secure SD-WAN supports remote workforces, simplifies management and helps ensure business continuity. More
CompTIA's new threat intelligence resource officially launches
The new resource is designed to help technology solution providers, managed services providers (MSPs) and other organisations searching for critical cybersecurity threat intelligence. More
Fortinet holds position as fastest-growing SD-WAN vendor
According to a new Omida report, the company has seen a 247% revenue growth year-on-year. Plus, Fortinet announces Fortigate 80F.More
Businesses underutilising cloud security due to lack of education and training
Demand is high for cloud security access brokers (CASB), but more training and clear goals are needed to ensure companies get full effectiveness of products.More
InfoTrust named Mimecast’s A/NZ Growth Partner of the Year
The award reflects InfoTrust’s customer-centric approach with a focus on optimising ROI for customers’ security investments, the company says.More
HSM: The next evolution in trust for today’s wireless world
HSM is wired technology for the wireless world – but not all are created equal. Learn more about HSMs, their pros & cons, and the case for virtual HSM models in business.More
CERT NZ provides threat intelligence for InternetNZ's DNS Firewall
"It’s important to InternetNZ to keep adding intelligence to Defenz to make sure our customers are protected from known security threats."More
Driving cloud cost efficiency with performance monitoring
Cloud infrastructure sprawl sneaks up on organisations through a series of individual decisions that in aggregate become inefficient. Thomas Dittmer shares how performance monitoring helped TravelSupermarket reduce cloud costs by 50%More
OkCupid website and app found to have significant security flaws
The popular online dating service has been found to have several vulnerabilities which, if exploited, could put the private data of users in danger of being stolen.More
The definitive guide to complete network visibility
Get ready to learn what over 80% of the Fortune 100 can do with Gigamon network visibility and security for your business.More
How do your workforce capabilities compare to industry standards?
Managing today’s workforce-related challenges requires a comprehensive security and risk management approach that includes capabilities to meet many different objectives.More
42% more plaintext HTTP servers than HTTPS counterparts - report
Rapid7 has released a report detailing the changing internet risk landscapes of 2020, and other issues facing cybersecurity teams.More
Fortinet unveils firewall offering for hyperscale & 5G environments
The company continues to push the boundaries of hardware-accelerated performance for security and networking convergence.More
16 reasons why you should move your backup to a NZ-hosted solution
It turns out that our own backyard has plenty of advantages over other international locations.More
How to stop your data lake from turning into a data swamp
Collecting data is easy – it’s gleaning the intelligence that’s the difficult part. More
Why answering the question of orchestration vs automation will improve your security effectiveness
Organisations are looking to improve their security operations effectiveness, efficiency, and staff satisfaction, with security, orchestration, automation and response (SOAR) fast becoming a trending approach. More
Dynamic Workforce Risk - what it is, and how to mitigate it
Dynamic workforce management is essential for enterprises with a diverse staff and a 'revolving door' of joiners, movers and leavers. Here's how to manage your workforce in a rapidly changing business environment.More
Who are the 2020 Mimecast A/NZ partner award winners?
“We congratulate all winners for being recognised as Mimecast's top performing partners and individual across the region.”More
Network intelligence is stopping a wave of DDoS misdiagnosis
Security teams already know the value of a layered defence; it’s time to add more layers, writes ThousandEyes principal solutions analyst Mike Hicks.More
More stories