How to protect against cryptocoin mining attacks

This is a contributed article by Richard Agnew, EMEA VP at Code42

Ransomware continues to be a hot topic. After the high-profile WannaCry and NotPetya attacks in 2017, it remains a cyber threat that keeps IT leaders up at night. But another menace has surged, replacing ransomware as the malware of choice among cybercriminals: cryptomining malware.

According to recent reports by Comodo, the number of unique cryptominer malware variants grew 35 percent in Q1 2018, while the number of unique ransomware variants declined 42 percent during the same period. Malicious cryptocurrency mining software now has the dubious distinction of moving into the top spot in detected malware threats.


What is cryptomining malware?

Cryptominer malware infects computers in order to quietly mine cryptocurrencies, such as Bitcoin or Monero. While cryptocurrency mining malware has been around since Bitcoin first appeared in 2009, it has enjoyed increasing popularity among cybercriminals since Bitcoin’s value took off in the last couple of years. It’s no coincidence that Bitcoin’s valuation surge to $20,000 at the beginning of 2018 happened at the same time that cryptomining malware became king of the malware hill.

Cryptojackers enter a computer as a Trojan horse, so users may be unaware of their presence. Often the only symptom is a performance slow-down or a spiking electric bill. While Bitcoin was the original target for many coin mining attacks, Monero has become popular among cybercriminals because of the level of secrecy it offers.

However, cryptomining malware doesn’t typically infect just one machine. Attackers more commonly deploy botnets of infected systems working in tandem to make their money from an organization’s equipment – and potentially its customers. One system vulnerability is invariably linked to many others, which means entire networks could potentially be exposed to further exploits and other cybercriminals.


How to identify and mitigate the risks

Here's how to identify and mitigate the risks of being infected by a cryptojacker:

  • Although it’s becoming pervasive, cryptomining malware is sometimes viewed as less of a threat than ransomware or other malware that can result in data loss. However, if cryptomining malware can make its way inside your organization, so too can other, even more disruptive malware. That’s why it’s critical to have a multi-layered security strategy in place that not only includes prevention, but also enables visibility across the environment and complete recovery of data.
  • Not monitoring your endpoints puts your organization at risk for cryptomining malware as well as other malware. Cybercriminals love endpoints because at many companies, they operate as isolated outposts, unprotected and unmonitored by centralized security controls. Companies should make use of endpoint monitoring technology to watch for activity that could indicate the presence of cryptomining malware, such as slowed performance.
  • When it comes to creating data security vulnerabilities, employees represent one of the biggest risks for businesses — even when companies have strong security perimeters. Organizations must protect against inadvertent or malicious employee activity that can create an opening for cryptomining or other malware attacks. Some security best practices include: two-factor authentication, web application firewalls or content filtering, user account privilege and password management systems, incident response training, and user education on the different malware threats, including cryptomining.
  • If you’re not diligent about keeping your company’s overall IT environment up-to-date, you also face increased risk of being infected by cryptomining malware. Companies can go a long way in protecting themselves from cryptojackers by: disabling access to unused services, making use of pen testers, increasing the regularity of software updates and patching, reviewing security architecture, implementing endpoint security technology, regularly updating antivirus software, and improving your backup regimen.
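The endpoint-monitoring advice above can be made concrete with a small detection sketch. This is an added example, not code from the article or from Code42: it flags processes whose CPU use stays high for a sustained run of samples, then escalates any process showing that pattern on several hosts at once. The host names, process names, thresholds and telemetry are all constructed for illustration.

```python
from collections import defaultdict

def build_samples():
    """Constructed telemetry rows: (host, minute, process, cpu_percent)."""
    rows = []
    for minute in range(10):
        # Hypothetical process "updsvc" pinned near full CPU on two hosts.
        rows.append(("ws-01", minute, "updsvc", 95.0))
        rows.append(("ws-02", minute, "updsvc", 93.0))
        # Short compiler burst: high for three minutes, idle otherwise.
        rows.append(("ws-01", minute, "cc1", 98.0 if 2 <= minute < 5 else 3.0))
        # Legitimate long-running job on a single host.
        rows.append(("ws-03", minute, "backup", 90.0))
        rows.append(("ws-03", minute, "browser", 20.0))
    return rows

def sustained_high_cpu(samples, threshold=80.0, min_run=5):
    """Return {(host, process): longest_run} where CPU stayed at or above
    threshold for at least min_run consecutive one-minute samples."""
    series = defaultdict(list)
    for host, minute, proc, cpu in samples:
        series[(host, proc)].append((minute, cpu))
    flagged = {}
    for key, points in series.items():
        run = best = 0
        last_minute = None
        for minute, cpu in sorted(points):
            contiguous = last_minute is not None and minute == last_minute + 1
            if cpu >= threshold:
                run = run + 1 if contiguous else 1
            else:
                run = 0
            best = max(best, run)
            last_minute = minute
        if best >= min_run:
            flagged[key] = best
    return flagged

def fleet_hits(flagged, min_hosts=2):
    """Processes with sustained load on several hosts: review these first."""
    hosts = defaultdict(set)
    for host, proc in flagged:
        hosts[proc].add(host)
    return {p: sorted(h) for p, h in hosts.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    flagged = sustained_high_cpu(build_samples())
    print("sustained:", flagged)
    print("multi-host:", fleet_hits(flagged))
```

Sustained CPU load alone is not proof of mining, as the constructed backup job shows; treat a hit as a prompt to investigate the process, not as a verdict.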

While many experts expect ransomware to resurge as a top security threat due to its potential to create widespread havoc, cryptomining malware in the meantime can create a slow drain on resources. Sophisticated organizations with a comprehensive data security strategy that takes into account prevention, visibility and recovery are in good shape to mitigate the risk of cryptomining malware. Companies that take a more simplistic approach that focuses only on one dimension of security are putting themselves at risk from the latest top malware threat. Which are you going to be? 

