A report published by the Cyber Threat Alliance shows a 459% increase in so-called “cryptojacking” attacks, and a recent study by RedLock Cloud Security Intelligence showed that 25% of companies were unknowingly suffering from cryptojacking activity in their cloud.
How should companies deal with this new threat, which many of them still identify poorly?
1. What is cryptojacking?
Because of its high profitability, its low risk of being traced, and its simplicity of implementation, cryptojacking attracts more and more hackers. The threat has exploded in two years, all the more so because, as Cisco points out, the value of cryptocurrency was very high until recently. Criminals can earn about 25 cents a day from an infected computer, even when mining a less common cryptocurrency such as Monero. This sum, which may seem ridiculous, quickly adds up to significant revenue when hundreds of thousands of machines are infected.
2. When cryptojacking becomes cloudjacking
Why settle for stealing the computing power of a company's machines when the cloud offers virtually unlimited resources? Cyber criminals understand this, and it is not surprising to see an increase in cloudjacking, which involves stealing the processing power and storage of someone else’s cloud account.
Many combine this practice with cryptojacking to enhance their mining capabilities. Together, the two methods can be used to mine cryptocurrency at a very fast pace, with attractive revenue prospects.
Of course, public cloud platforms, especially IaaS computing platforms, are particularly popular targets for cryptojackers, as they offer tremendous processing power in an environment where hackers think they can go unnoticed.
Earlier this year, Tesla was a victim of cloudjacking. Other multinationals like Aviva and Gemalto have also revealed similar breaches of their cloud infrastructure.
In the Tesla example, researchers discovered that Tesla’s AWS cloud systems had been compromised for the purpose of generating cryptocurrency. The attackers ran several mining programs and hid the IP addresses behind the CloudFlare content delivery network. This measure effectively hid their activities from conventional firewall and intrusion detection systems. They also deliberately throttled CPU usage so that the systems ran at a rate that would not trigger high-usage detectors.
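The throttling described above is why a simple high-usage alarm is not enough. The following is an added example, not code from the original article or from any tool it mentions, that compares a classic CPU threshold alert with a check for sustained, unusually flat load; the instance names, sample values and thresholds are constructed assumptions.

```python
from statistics import pstdev

# Constructed per-minute CPU utilisation samples (percent) for three
# hypothetical cloud instances; none of these values come from the article.
SAMPLES = {
    "web-1":   [12, 35, 8, 60, 22, 15, 71, 9, 30, 18, 44, 11],    # bursty traffic
    "batch-1": [5, 6, 97, 98, 96, 5, 4, 6, 5, 7, 5, 6],           # short heavy job
    "node-7":  [58, 60, 59, 61, 60, 59, 60, 61, 60, 59, 60, 60],  # capped, flat load
}

HIGH_CPU_ALERT = 90  # assumed "high usage" alarm threshold
LOAD_FLOOR = 40      # assumed minimum load worth investigating
MAX_STDEV = 3.0      # assumed: how flat a series must be to look capped
MIN_SAMPLES = 10     # do not judge very short windows


def threshold_alert(series, limit=HIGH_CPU_ALERT):
    """Classic alarm: fires only if any sample reaches the high-usage limit."""
    return any(value >= limit for value in series)


def sustained_flat_load(series, floor=LOAD_FLOOR, max_stdev=MAX_STDEV,
                        min_fraction=0.9):
    """Flag a series that stays above `floor` almost all the time with very
    little variation, the shape a throttled miner tends to produce."""
    if len(series) < MIN_SAMPLES:
        return False
    fraction_above = sum(1 for v in series if v >= floor) / len(series)
    return fraction_above >= min_fraction and pstdev(series) <= max_stdev


def triage(samples):
    """Return both signals per instance so they can be reviewed side by side."""
    return {
        host: {
            "threshold_alert": threshold_alert(series),
            "flat_load": sustained_flat_load(series),
        }
        for host, series in samples.items()
    }


if __name__ == "__main__":
    for host, signals in triage(SAMPLES).items():
        print(host, signals)
```

A flat-load hit is a triage signal only: legitimate steady workloads produce the same shape, so it should be correlated with the instance's expected role and its outbound network activity.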
3. Six tips to protect yourself
Fortunately, most security measures used to prevent known web vulnerabilities can also help keep cryptojackers out. Here are some of the best tips for enhancing security:
- Train employees to become aware of the threat
Probably easier said than done, but the message will eventually get through. As with so many cybersecurity threats, employees are the first line of defense, and the more they know, the better equipped they will be. Make sure all security training includes information on both cloudjacking and cryptojacking, what to look for, and how to prevent it. In particular, focus on how phishing is used to gain access to computers and IT environments.
- Deploy ad-blocking or anti-cryptomining extensions on browsers
Talking without acting is useless. Training achieves nothing if nothing is done to prevent the automatic execution of cryptojacking scripts found on malicious websites and in certain advertisements. Because many attacks are delivered this way, installing ad blockers can be an effective way to stop them. Some ad blockers can even detect mining scripts, which makes them particularly effective. So it’s time to invest in such a solution!
- Require strong passwords and two-factor authentication on cloud applications and IT resources
This is a security measure that is as easy to describe as it is to apply, and it is important to do it. Changing the default passwords and applying two-factor authentication can prevent a significant number of attacks even if the credentials are compromised. An example to illustrate it: the attackers infiltrated Tesla's environment via the company's Kubernetes administration console, which was not protected by a password. It is an oversight that can happen to anyone … check your consoles.
- Use effective, up-to-date cloud and workstation protection
Not all protection solutions are equal. Many cloud and endpoint protection solutions are now able to detect known crypto-miners. Thus, even if an employee inadvertently clicks on malicious links or visits infected sites, attempts to compromise the system can be blocked. Of course, cybercriminals constantly change their techniques and rewrite their code to try to avoid detection.
- Make security updates and patches a daily discipline
Security vendors regularly release patches that protect against the latest malware discovered. Ignoring these patches is all too common, but it is also completely irresponsible and can unnecessarily expose workstations, network infrastructure, and cloud resources.
- Adopt data security solutions
Yes, but robust ones. Mobile data security solutions will help control exactly what’s happening on users’ devices and reduce the risk of compromise. With bring your own device (BYOD) now common, conventional mobile device management (MDM) is becoming increasingly difficult to apply. However, there are now a variety of completely agentless solutions that can offer all the benefits of MDM without the privacy and deployment issues. Research the market to choose the best option for your business.
In the end, the increase in cryptojacking has taken companies and security experts by storm in the last six months. While not as damaging as other forms of malware, these attacks, if not discovered, can still cause significant damage to a company’s bottom line and reputation.
Fortunately, companies can take the proactive steps above to protect themselves from crypto-mining and cloudjacking. But do not hang around: attackers are numerous, agile and hungry for the computing power your company has access to …