Protect Your Organization from Becoming a Cryptomining Rig
Written by Aaron McKee, Director, Cybersecurity & Threat Analytics on March 28, 2018
Ransomware? Please, that’s so 2017. Today’s cool kid hackers, and the most sophisticated threat actors, have evolved their methods and are now focused on illicit cryptomining as the easiest, most profitable new way to take advantage of organizations. Illegal cryptomining, utilizing the compute resources of unsuspecting enterprises, benefits from increasingly anonymous cryptocurrencies, new and evolving cryptocurrency mining software, and millions of unsuspecting targets who may not be aware or care that they’re being used for their electricity and compute power. But for IT departments managing in-house servers, or paying a spiking AWS or other hosting bill, the problem is very real.
Mining cryptocurrency is all about ‘borrowing’ the computational power of systems. Both on-premises and cloud-based resources are likely to continue to be targeted by hackers, who will look for the weakest link to install and propagate the mining software. In many ways, gaining access to a company’s cloud-based resources may be as effective as, and perhaps more efficient than, amassing a large number of on-premises systems, but hackers are likely to target any server that lacks solid security controls, regular security auditing, or the more fine-grained network access controls that help prevent the spread of malware within an organization. So how can organizations detect this problem, and prevent their servers from being used in the future to mine cryptocurrency?
Cryptomining attacks are not going away anytime soon, and attackers continue to become more sophisticated, using fileless miners and native applications to execute malicious code in memory. Leaders in cyber security are working diligently to ensure new solutions include capabilities to monitor for and detect this activity. Offerings in this marketplace will continue to grow and become more affordable to a wider audience. It is often said that for every step the good people take, the bad people take two. While this may sometimes be true, our job is not always about keeping up with them. Our adversaries often work in silos, whereas we work together to innovate new solutions which limit their ability to compromise networks.