New Zealand
Story image

How to avoid becoming a cryptojacking victim - Bitglass

14 May 2019
Contributor
Share:
LinkedIn
Twitter
Facebook

Article by Bitglass CTO Anurag Kahol

Fifty percent of organisations have malware in at least one of their cloud applications according to a report published by Bitglass. 

Cloud cryptojacking has become the biggest cybersecurity threat facing businesses, especially enterprise-level organisations. 

What is cryptojacking?

The term ‘cryptojacking’ refers to the unauthorised use of a third party’s computing resources to mine cryptocurrency. 

Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum, so it is unsurprising that hackers are targeting vulnerable data centres to help them boost their capabilities.

Cloud-based resources, and in particular infrastructure-as-a-service (IaaS) platforms, are main targets for this activity as they offer virtually infinite resources and tremendous processing power, as well as an environment where attackers can largely go undetected. 

The methodology used to obtain the right accesses for cryptojacking are not dissimilar to other cyber threats like ransomware. 

Often it will be via phishing emails that load cryptomining code, or via a website that has been infected with a specific JavaScript code that will auto-execute when loaded. 

This particular method often goes undetected by the victim for a long time as it runs silently in the background.

The most often cited case of cryptojacking took place in 2018 when Tesla fell victim to an attack. 

The automotive company discovered that some of its Amazon Web Services (AWS)  infrastructure was being appropriated for mining. 

The attack had been concealed from conventional firewalls and intruder detection systems as the cybercriminals had hidden the IP addresses of their mining programs behind a content delivery network; they had also throttled the mining software to ensure that it did not trigger high-usage-detection systems.

Here are five tips to secure infrastructure against cryptojacking:

1. Employee awareness
Employees are every organisation’s first line of defence, so make sure they are equipped with the right tools and training to be an effective part of the security strategy. 
Employees that are well versed in the company’s cybersecurity policies are less likely to fall victim to an attack. 
Teach them what to look for and what to avoid - focus on the threat of phishing attacks. 

2. Deploy the extensions
As mentioned earlier, one method cybercriminals use is to lace websites with auto-executing cryptojacking scripts. 
All employees should deploy ad-blocking and anti-cryptomining extensions on web browsers to avoid downloading this type of code from websites. 

3. Passwords and multi-factor authentication (MFA)
MFA and strong passwords should be in place for all cloud apps and IT assets. 
The attackers who compromised Tesla’s environment went through an administration console that was not password protected. 
Passwords should, as a minimum, include a mixture of alphanumeric credentials, and enforcing multi-factor authentication are must-haves for ensuring the protection of sensitive enterprise assets. 

4. Updates are not an option
Patches and software updates are regularly released by all security vendors – these are not optional.
Promptly install them to ensure endpoints and cloud-based tools have their security gaps filled, protecting them from the latest threats.  

5. Securing personal devices  
With BYOD becoming more common among businesses, securing personal devices is a must. 
This is most effectively achieved through an agentless solution, as tools like mobile device management (MDM) can harm device functionality, invade user privacy, and, consequently, prove incredibly difficult to deploy on employees’ personal devices.

Related stories:
Time to include multi-factor authentication in your cybersecurity strategy - WatchGuard
Carbon Black discovers evolution of popular cryptomining campaign
Yubico launches lightning-compatible security key
Check Point: Attackers executing commands remotely with latest malware
Only 20% of organisations use cloud DLP – Bitglass
92% of businesses experience identity challenges - LastPass
Dig deeper:
Story image
19 Sep
Veritas and Pure Storage team up to reduce downtime for applications and services
Three new integrations just announced extend the collaboration across the Veritas Enterprise Data Services platform providing Veritas and Pure Storage customers with business continuity.More
Story image
06 Sep
Scale Computing integrates Acronis services into HC3 platform
The Scale Computing HC3 platform will now include Acronis Backup, which will deliver data protection, disaster recovery, and threat mitigation.More
Story image
13 Sep
IoT a hot topic in cybercriminal underbelly
"We've lifted the lid on the IoT threat landscape to find that cybercriminals are well on their way to creating a thriving marketplace for certain IoT-based attacks."More
Story image
10 Sep
Security flaw left Android phones open to SMS phishing attacks found
Check Point Research discovered the vulnerability impacts phones from Samsung, Huawei, LG, and Sony.More
Story image
02 Sep
Advanced Security named as NZSA Security Integrator of the Year
The company also won an award for staff retention and development, and one of its staff was recognised as professional of the year in his sector.More
Story image
18 Sep
Why businesses need a strategy to combat the enemy within – Ping Identity
While strengthening your organisation’s external defences with the latest tools and technologies makes sound sense, it’s only half a battle plan.More
Story image
Veritas and Pure Storage team up to reduce downtime for applications and services
Three new integrations just announced extend the collaboration across the Veritas Enterprise Data Services platform providing Veritas and Pure Storage customers with business continuity.More
Story image
Scale Computing integrates Acronis services into HC3 platform
The Scale Computing HC3 platform will now include Acronis Backup, which will deliver data protection, disaster recovery, and threat mitigation.More
Story image
IoT a hot topic in cybercriminal underbelly
"We've lifted the lid on the IoT threat landscape to find that cybercriminals are well on their way to creating a thriving marketplace for certain IoT-based attacks."More
Story image
Security flaw left Android phones open to SMS phishing attacks found
Check Point Research discovered the vulnerability impacts phones from Samsung, Huawei, LG, and Sony.More
Story image
Advanced Security named as NZSA Security Integrator of the Year
The company also won an award for staff retention and development, and one of its staff was recognised as professional of the year in his sector.More
Story image
Why businesses need a strategy to combat the enemy within – Ping Identity
While strengthening your organisation’s external defences with the latest tools and technologies makes sound sense, it’s only half a battle plan.More
Story image
NZ's global alliances put it at risk for cyber attacks, expert says
"Since 2018, there is clear evidence and a growing trend that the most significant and successful cyber-attacks are carried out by state actors."More
Story image
Palo Alto Networks expands commitment to NZ market
Palo Alto Networks is expanding its New Zealand business operations in order to better prepare local businesses for growing cybersecurity concerns.More
Story image
Katana Technologies releases anti-ransomware solution
Financial losses to cyber-attacks in New Zealand reported between 1 April and 30 June were $6.5 million, up from the $1.7 million reported in the previous quarter. More
Story image
Board members in A/NZ most engaged in cybersecurity – Infosys
The research highlights how cybersecurity is a top priority for organisations in the A/NZ market, with boards taking a more hands-on approach to cybersecurity.More
Download image
Understanding the shifting paradigm of the threat landscape
“The ability of threats to persist has made the whole idea of prevention obsolete.”More
Story image
HID Global acquires PKI-as-a-service solutions provider HydrantID
The acquisition of HydrantID will allow HID Global to offer enterprise customers a broader range of options, plus the flexibility and scalability of PKI-as-a-service.More
Download image
Does your security team need a boost from an MSSP partnership?
Rackspace’s e-book has a practical set of protection measures, providing a framework for security decisions relevant to data centre and cloud infrastructure.More
Story image
Businesses ignoring security when investing in new tech
Only a quarter of organisations are prioritising security when it comes to technology investment, according to a new report by Advanced. More
Story image
Are they listening? Kiwis wary of smart devices
While talking aloud, a voice-activated, home-based smart speaker asked for more info - even though it was not turned it on. More
Story image
Tapping into SD-WAN’s productivity gains without the security concerns
If you can migrate all of your security requirements to a single, interoperable security fabric, you can reduce your operational overheads significantly.More
Story image
Zscaler and CrowdStrike partner on cloud and endpoint protection
CrowdStrike’s AI-powered Threat Graph will integrate with Zscaler’s cloud security platform to provide customers with real-time threat detection and automated policy enforcement.More
Story image
Five winning strategies for VMware in 2019
We look under the hood at the enterprise software vendors plans for the year.More
Story image
DNS amplification attacks increase 1000% since last year - Nexusguard
Enterprise networks and communications service providers (CSPs) need attack mitigation as DNS patch adoption creates new threats.More
Story image
Illusive Networks joins LogRhythm technology alliance partner program
The resulting integration will provide real-time, post-breach threat detection while enhancing and automating incident response.More
Story image
AlgoSec announces new features to improve Cisco ACI automation and application visibility
AlgoSec A30 release delivers new automation capabilities that enable zero-touch security management across SDN, cloud and on-premise networks. More
Story image
nCipher launches HSM-as-a-Service for organisations adopting cloud-first strategies
nShield-as-a-Service is ideal for cloud-first strategies, selective cloud migration, or adding HSM capacity to handle workload spikes.More
Story image
GitHub amps up vulnerability reporting capabilities
GitHub has announced new capabilities that make it easier for developers to report vulnerabilities directly from their repositories.More
Story image
Gartner names Trend Micro leader in endpoint protection platforms
The endpoint is increasingly the frontline in the war against cyber-threats and IT teams are overwhelmed by the volume of alerts they must manage.More
Story image
Blockchain revenues to near US$10B despite 2018 crypto winter
This year blockchain is starting to find its feet as innovators find the use-cases that suit the specific areas in which it can provide value.More
Story image
Carbon Black discovers evolution of popular cryptomining campaign
Attackers could theoretically pull in an estimated $1.6 million annually by leveraging this attack model, which began about two years ago.More
Story image
Proofpoint and CrowdStrike partner on endpoint protection integration
In the first technology integration, Proofpoint will check potentially malicious attachments with CrowdStrike Falcon Intel and will add new hashes to the customer’s custom intelligence.More
Application shielding startup RedShield raises $14m
RedShield CEO and co-founder Andy Prow says that taking capital from a New Zealand private equity player was a strategic choice.More
Whitepaper: The IT directors’ guide to application modernisation
The digital enterprise couldn’t exist without modern applications – otherwise it would be nothing more than a stale system that’s slow to react.More
Digitally transform without fear with consistent security policies
DX carries increased risk, especially as organisations extend their network operations further afield with Operational Technology (OT) and tap into new opportunities with 5G.More
Trustwave platform brings more visibility and control cloud security
The platform aims to give internal security teams deep visibility, technologies and the security expertise necessary for protecting assets and eradicating threats as they arise.More
The true extent of cloud inertia’s effect on your organisation
The report dives into the importance of expertise to an organisation’s cloud evolution and the impact the current technical skills gap is having on businesses.More
Gartner: Blockchain to be “transformational” within a decade
Gartner’s 2019 Hype Cycle for Blockchain Business shows that blockchain will have a transformational impact across industries in 5 to 10 years.More
Time to include multi-factor authentication in your cybersecurity strategy - WatchGuard
Enterprises looking to reduce the risk of cyber-compromise or attack need to think about adding multi-factor authentication technology to their arsenal.More
Over 50% of incident response requests occur after damage complete – Kaspersky
It is often assumed that incident response is only needed in cases when damage from a cyber-attack has already occurred and there is a need for further investigation.More
VMware's open pledge to help partners and customers make their mark
Technology is neither good nor bad, but it’s often how we shape it. Will technology shape the world we want to live in? Or will it create a world we’re afraid to live in?More
Beyond deployment: Making AWS work for your use case
If you’re a business that wants to understand how to save time with your technology, AWS actively seeks those optimisations and gets your technology to work in ways it couldn’t work before.More
Fileless attacks surge as attackers look to boost ROI
Fileless attacks have skyrocketed 265% this year compared to the first half of 2018, and there’s no sign that they will slow down.More
Rapid data growth becoming major business challenge
StorageCraft research reveals rampant data growth, and inadequate IT infrastructures are a source of global concern and risk.More
F&S: Global first responder C3I spending to near US$100 million
Providing solutions that can make cross-agency sharing and access efficient and effective will augment growth prospects, finds Frost & Sullivan.More
How the iPhone malware discovery affects Apple users – Malwarebytes
The malware implant has been patched, but iPhone users should ensure they’re running on the latest version of iOS (12.1.4) to leverage the security patches.More
Number of attacked medical devices declines globally, but not in APAC - Kaspersky
Medical devices include all servers, computers, mobiles and tablets, IoT gadgets, and hospital machines that are connected to the internet inside a healthcare facility.More
Citrix and Palo Alto Networks team up on SD-WAN protection
The collaboration aims to enable easy deployment and management of next-generation firewalls within Citrix SD-WAN.More
Apple issues clarification on extent of iOS malware infection
The attack affected fewer than a dozen websites that focus on content related to the Uighur community. More
Stairway to hell: Scams, ransomware, and $6.5m gone from Kiwis' pockets
In just a three month period this year, New Zealanders reported more than 1000 cybersecurity incidents and financial losses of $6.5 million to CERT NZ.More
More stories