7 Ways to Protect Against Cryptomining Attacks
Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
March 22, 2018
Cybercriminals are increasingly hijacking enterprise systems and websites for cryptocurrency mining.
CrowdStrike and several other security vendors have recently reported incidents where businesses have suffered serious application and operational disruptions after attackers took over their systems to mine for Monero and, to a lesser extent, other digital currencies like Ethereum and Zcash.
In many other instances, criminals are surreptitiously installing cryptominers on websites and hijacking systems belonging to people visiting the sites.
Unlike ransomware and other malware, cryptominers are often legitimate software tools that are not always detected by anti-malware products. Since the only thing they do is use a system's CPU resources to crunch algorithms, cryptomining tools can sometimes run invisibly without anyone detecting them. Many cryptomining tools deliberately throttle CPU and power usage so their presence on a system becomes even more unobtrusive. In fact, performance slowdowns are often the only indication that a computer has been hijacked for cryptocurrency mining.
Like many other unwanted software tools, cryptocurrency-mining software presents a threat mainly to organizations that fail to follow basic and long-prescribed security hygiene. The tools are distributed like any other malware product, and protecting against them requires the same measures.
Here are some of the best practices you should already be following to protect against cryptomining tools - and any malware.
Strong endpoint protection is critical to preventing cryptocurrency mining malware, says Bryan York, director of services, CrowdStrike. If you don't want crypto tools to run on your end-user and host systems, keep them patched and properly updated. Consider using ad blockers, disabling JavaScript, and using browser extensions specifically designed to prevent cryptomining when browsing the Web. Implement multi-factor authentication for remote access. Segment your networks to limit lateral movement, York says.
Endpoint technologies are becoming available that can help you detect and block cryptomining software and behaviors associated with these tools, York says. "Additionally, some advanced endpoint technologies offer the ability to block cryptocurrency mining software that use fileless malware techniques to infect and spread through a network." Consider using them, he says.
Consider implementing a centralized logging capability for detecting, restricting, and capturing malicious activity, adds Mike McLellan, senior security researcher for Secureworks' counter threat unit. One way to identify outbound cryptocurrency mining traffic is to use monitored egress points to manage outbound network traffic, particularly any unencrypted traffic that uses non-standard ports.
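As an added example (not code from the article or from Secureworks), the following Python applies McLellan's egress rule to a constructed sample of outbound connection records: it keeps only unencrypted connections on non-standard ports, aggregates them per destination, and raises the severity once the cumulative session time looks like a persistent mining session rather than a one-off request. The record format, the list of "standard" ports and the one-hour threshold are assumptions for this example, not values from the article.

```python
from collections import defaultdict

# Constructed sample of outbound connection records as an egress sensor might
# export them (the format and every value are invented for this example):
# timestamp src_ip dst_ip dst_port proto duration_s bytes_out encrypted
SAMPLE_EGRESS_LOG = """\
2018-03-22T09:01:12Z 10.1.4.22 203.0.113.10 443 tcp 3 18400 yes
2018-03-22T09:02:40Z 10.1.4.22 198.51.100.7 80 tcp 2 5200 no
2018-03-22T09:03:05Z 10.1.9.81 192.0.2.55 3333 tcp 7200 910000 no
2018-03-22T09:03:11Z 10.1.9.81 192.0.2.55 3333 tcp 6950 880000 no
2018-03-22T09:05:00Z 10.1.4.30 203.0.113.44 14444 tcp 5400 420000 no
2018-03-22T09:06:30Z 10.1.4.31 203.0.113.80 8443 tcp 5 9000 yes
2018-03-22T09:07:00Z 10.1.4.32 198.51.100.9 22 tcp 4000 300000 yes
2018-03-22T09:08:15Z 10.1.4.40 203.0.113.90 8080 tcp 4 1200 no
"""

# Ports where plaintext outbound traffic is expected (assumed list); anything else is "non-standard".
STANDARD_PORTS = {22, 25, 53, 80, 123, 443, 587, 993, 995}
LONG_LIVED_SECONDS = 3600  # cumulative plaintext session time that raises severity (assumed)

def parse_egress_log(text):
    """Parse whitespace-separated records into dicts, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 8:
            continue  # blank line or a record that does not match the assumed format
        ts, src, dst, port, proto, dur, nbytes, enc = parts
        records.append({"ts": ts, "src": src, "dst": dst, "port": int(port),
                        "proto": proto, "duration": int(dur),
                        "bytes_out": int(nbytes), "encrypted": enc == "yes"})
    return records

def find_suspicious_egress(text, standard_ports=STANDARD_PORTS, long_lived=LONG_LIVED_SECONDS):
    """Aggregate unencrypted connections on non-standard ports per (src, dst, port).
    Severity is 'high' once the cumulative duration looks like a persistent
    mining session rather than a one-off request."""
    totals = defaultdict(lambda: {"sessions": 0, "duration": 0, "bytes_out": 0})
    for r in parse_egress_log(text):
        if r["encrypted"] or r["port"] in standard_ports:
            continue  # encrypted, or plaintext on a port where plaintext is expected
        t = totals[(r["src"], r["dst"], r["port"])]
        t["sessions"] += 1
        t["duration"] += r["duration"]
        t["bytes_out"] += r["bytes_out"]
    for t in totals.values():
        t["severity"] = "high" if t["duration"] >= long_lived else "low"
    return dict(totals)
```

Feeding the constructed log to `find_suspicious_egress` flags the two long-lived plaintext peers on ports 3333 and 14444 as high and the brief port-8080 connection as low, while the encrypted and standard-port connections are ignored.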
Make sure criminals are not using your website to host cryptomining tools. Criminals frequently install mining software on websites without the knowledge of the site owners, and then hijack the computers of visitors to these sites to mine for Monero and other cryptocurrencies.
"Web server security hardening with content security policy and similar security mechanisms can prevent many common exploitation vectors of cross-site scripting and cross site request forgeries," says Ilia Kolochenko, CEO of High-Tech Bridge. Make sure your admin passwords are strong and unique and implement two-factor authentication where you can.
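As an added example (not code from the article or from High-Tech Bridge) of why the content security policy Kolochenko mentions matters, the Python below parses a CSP header and applies a simplified version of the browser's script-src matching to decide whether a script would be allowed to run: an injected miner script loaded from a third-party host is refused under a tight policy but accepted under a permissive one. The two policies, the page URL and the script URLs are constructed for this example, and the matcher ignores nonces, hashes and port numbers.

```python
from urllib.parse import urlsplit

# Example policies (constructed for this example, not from the article or any vendor):
# the hardened one only runs scripts from the page's own origin and one named CDN.
HARDENED_CSP = "default-src 'self'; script-src 'self' https://cdn.example.com; object-src 'none'"
# A permissive policy for contrast: inline scripts and any https host are allowed.
PERMISSIVE_CSP = "script-src 'self' 'unsafe-inline' https:"

def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def _source_matches(expr, script):
    """Simplified CSP source matching: scheme-source, host-source and *.wildcard hosts."""
    if expr.endswith(":") and "/" not in expr:  # scheme-source such as https:
        return script.scheme == expr[:-1]
    scheme, sep, host = expr.partition("://")
    if sep and script.scheme != scheme:
        return False
    host = (host if sep else expr).split("/")[0]  # drop any path part
    if host.startswith("*."):
        return script.hostname.endswith(host[1:])
    return script.hostname == host

def script_allowed(header, page_url, script_url=None):
    """True if the CSP header lets the script run on page_url.
    script_url=None means an inline <script> block."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # no applicable directive: the browser runs anything
    if "'none'" in sources:
        return False
    if script_url is None:
        return "'unsafe-inline'" in sources
    page, script = urlsplit(page_url), urlsplit(script_url)
    for expr in sources:
        if expr == "'self'":
            if (script.scheme, script.netloc) == (page.scheme, page.netloc):
                return True
        elif not expr.startswith("'") and _source_matches(expr, script):
            return True
    return False
```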
A Web application firewall can help mitigate, or at least reduce, the exploitability of unknown vulnerabilities or vulnerabilities in custom code, he says. "[Importantly], continuous security monitoring has become a de facto standard to ensure Web application security. Sometimes you or your colleagues may just forget something - four eyes are always better than two," Kolochenko says.
Hackers have begun hijacking public cloud accounts of major companies to mine for cryptocurrency, says Daniel Nelson, vice president of product management at BMC. For example, hackers have hijacked compute power in insecurely configured Kubernetes container clusters in AWS to mine cryptocurrency, he notes.
"Enterprises should implement a policy automation solution, such as SecOps Policy Service, to continuously monitor, assess, and remediate container stacks," Nelson says. Use these tools to programmatically enforce security policies within your container stack.
Make sure you can detect cloud blind spots. "Shadow IT is very much alive today," Nelson says. Even if IT knows about all the servers that have been provisioned in the cloud, there's a good chance they won't know all of the software installed on those servers, so discovering the extent of your cloud use is vital, he says.
If you don't need a service, disable it, Secureworks' McLellan says. That includes internal protocols such as SMBv1. If an application has no legitimate business function, get rid of it. Restrict access to system components that cannot be removed but are totally unnecessary for most users, such as PowerShell.
IoT devices like Internet-connected factory floor sensors, security cameras, and smart thermostats don't have much processing capacity and are therefore likely to be of relatively low interest to attackers looking to hijack systems for cryptocurrency mining purposes. But if they do get hijacked, chances are good you wouldn't even know, says Kolochenko of High-Tech Bridge.
"Millions of IoT devices, which are designed to process or store confidential, or personal, information do not even have a basic password protection option, or have a hardcoded admin password without the possibility of changing it," he says. The Web interfaces of IoT devices and the open source components present in many of these devices are often riddled with critical vulnerabilities that can be exploited.