What Is Cryptojacking, and How to Protect Your Assets Against It?
As business owners are implementing new, more sophisticated cybersecurity mechanisms to protect their assets, cybercriminals are working on alternative methods of hacking. A relatively new one is cryptojacking.
Cryptojacking, also called malicious cryptomining, is a cybercrime that hijacks a person’s or a company’s resources to mine cryptocurrency without paying for mining resources like hardware or electricity.
Hackers usually leverage phishing techniques to infect devices or embed a virus in a party’s web browser. Personal computers, laptops, mobile phones, tablets, servers, cloud infrastructures — any device or program can be targeted by crypto hackers.
While a fairly new type of cyberattack, cryptojacking has turned into one of the most frequent threats. Namely, Google's cybersecurity team revealed that 86% of their compromised cloud platforms were due to cryptojacking. A year earlier, Cisco stated that 69% of their customers suffered from cryptomining malware.
Moreover, cryptojacking is becoming more complex and ingenious. Hackers are moving from browser-based attacks to host-based ones, including the infection of open source code, APIs, and containers.
Many of these cryptojacking attacks are targeted at mining Monero. To wit, in 2022, Crypto.com experienced the theft of $35 million in cryptocurrency, and BitMart lost $150 million in assets.
As we have mentioned, hackers make the most of a targeted party’s computing power to mine cryptocurrency, sending results to the cryptojacking server.
By using complex mathematical operations, crypto hackers can even run the malicious process in the background. The victim’s processing resources are being exploited to perform illicit cryptomining tasks as long as possible — without being discovered.
Both browser- and host-based attacks include some typical steps:
- Script writing: a hacker prepares a specific cryptomining script ready for infecting a victim’s website or device
- Script infection: the victim clicks a malicious link, unknowingly downloads cryptomining software, and compromises their website or infects their device
- Attack: the script starts exploiting computing resources for illicit mining operations
Any cyberattack brings with it the potential of significant reputational and financial risk, and cryptojacking is no exception.
One way is through the sheer level of consumption involved: crypto hackers exploit a victim’s electrical resources to a large extent and greatly damage their target’s hardware.
Specifically, due to overworking related to the malicious extraction of cryptocurrency, the hardware ages extremely fast. For example, a consecutive two-day exploitation of mobile devices might lead to battery swelling and even result in the physical deformation of those devices.
As cryptojacking malware exploits all the available resources, a company’s computer starts experiencing severe performance issues and might even stop functioning — bringing immediate damage to employees and customers. This puts both the company’s finances and its reputation on the line.
How to Prevent Cryptojacking: Four Steps
As cryptojacking is becoming more common, the methods to combat it must be as sophisticated as the very attacks themselves. Being experts in cybersecurity, Infopulse offers Microsoft-powered capabilities for mitigating cryptojacking attempts. Here are four essential steps worth taking:
Before anything else is considered or implemented, you should define the current state of security within your company. One of the optimal ways to do that is to conduct a security assessment and penetration testing.
A security assessment consists of a comprehensive audit of the entire IT infrastructure and processes, with the goal of identifying any architecture or configuration issues as well as thoroughly evaluating management, operational, and technical security controls.
Penetration testing, conversely, helps detect unknown architecture and network security issues, including unpatched services and systems, intentional backdoors, misconfigurations, and vulnerable shadow devices. In other words, it is an overarching analysis of the company’s applications from a hacker’s perspective. The main goal of such analysis should be to review the overall corporate IT infrastructure resilience to different kinds of malicious code that might be executed on corporate servers, endpoints, sites, etc.
After the coherent security analysis is done, it is time to implement best security practices to safeguard your assets and reputation.
To prevent cryptojacking, enable multi-factor authentication (MFA) for your users, implement endpoint detection and response (EDR) on your hosts or a full set of extended detection and response (XDR) solutions, and deploy WEB application firewall (WAF) to protect your WEB resources.
A case in point: Infopulse helped ATB-market, the largest retail chain in Ukraine, to implement an XDR solution – Microsoft Defender to level up the security of corporate and personal devices of employees. Infopulse designed test cases to prove the effectiveness of the solution and assessed the Defender’s capabilities for the client. After this, Infopulse provided the full-scale implementation of the solution that allowed for 24/7 protection of 1500+ BYOD and corporate endpoints, ML-powered anomaly detection, automation of incident investigation and response, and more.
Another best practice we recommend following is enabling network traffic monitoring. This allows detecting anomalies in traffic as well as blocking hosts and domains with bad reputation communicating over a corporate network.
As for more specific security techniques, you can use Microsoft-related functionality. Namely, activate notifications for Azure fraud detection to quickly spot fraudulent activities and take immediate action. Also, by automatically controlling Azure spending budgets and getting notifications when 80% of the monthly budget is spent, you can easily detect unusual trends and suspicious behavior.
Another way to safeguard your company from cryptojacking is to leverage Microsoft Defender for Cloud, including Cloud security posture management and Cloud workload protection platforms. This will allow you to continuously analyze your security posture and do so while protecting your workloads from known security risks in real time.
Furthermore, as part of a disaster recovery plan, create emergency “break-glass” accounts. Maintain them as highly privileged and use them in emergency scenarios, when normal administrative accounts cannot sign in.
To better manage, control, and monitor access to vital resources in your company, leverage Privileged Identity Management in Azure Active Directory. Minimize the number of parties who have access to secure information through time-bound access and auto-MFA for privileged roles activation. Also, you can bank on quick history download for comprehensive audits and convenient access reviews for roles access management.
A case in point: Infopulse implemented a hybrid IT infrastructure with the latest Microsoft cloud technologies to elevate the security level for a Ukrainian broadcasting company. Namely, the developer enabled hybrid identity management, simple and transparent authentication, and Azure AD Premium.
One more important piece in solving the anti-cryptojacking puzzle is real-time analysis. Monitor any relevant user activity to get automated notifications about risk detection. Also, investigate users at risk in real time to take immediate actions.
Another way to secure your assets is to apply best practices for Azure Active Directory roles. Assign specific roles to allow adding new users or changing existing ones, managing user licenses and domain names, as well as resetting passwords.
By leveraging Microsoft Identity Secure Score, you can assess how aligned you are with Microsoft's recommendations for security and implement best practices to enable improvements in this regard.
To prevent major risks from becoming reality, it is also a must to prepare a rock-solid incident response plan covering five stages: Detect, Assess, Diagnose, Stabilize, and Close.
A case in point: Infopulse leveraged the Microsoft suite to implement an overarching security strategy for its own protection. As a result, over 800 phishing email attacks were blocked, the protection of the external web services was expanded by 110%, and over 40% of cybersecurity events and incidents were processed. The implemented strategy empowered Infopulse to notably improve corporate security and ensure business continuity in uncertain times.
As cryptojacking is relatively new to the cybersecurity world, the approach to cryptojacking prevention should be well thought out. The practices and recommendations mentioned above will definitely get you started down the right path. To successfully implement them, you might need an experienced, dependable software partner.
As a reliable and long-standing Microsoft partner, Infopulse has a robust Security Operations Center (SOС) ready to address the most complicated security needs, including building specific protection solutions against known and unknown threats, monitoring suspicious activities in real time, detecting abnormal behavior, as well as investigating and preventing all types of incidents.
From starting with a scrupulous security analysis, to creating a robust security strategy, to best security practices implementation — Infopulse has your back!