Cryptojackers Strike Again
No organization is exempt from cryptojackers.
It doesn’t even matter if your organization does amazing things for people in unfortunate circumstance. Just look at what happened to the Make A Wish Foundation and use it as a cautionary tale.
For those of you who still don’t understand cryptojacking, according to a recent CSO Online article by Senior Editor Michael Nadeau:
Either way, the crypto mining code then works in the background as unsuspecting victims use their computers normally. The only sign they might notice is slower performance or lags in execution.”
Open source vulnerabilities are making this easier than ever. Marilyn De Villers reported on itweb in an article titled “Dangerous new trend in open source vulnerability” that:
“Cyber criminals are increasingly turning their attention to crypto-currencies. Encouraged by the rising popularity and value of crypto-currencies, they are exploiting open source to steal computing resources that allow them to actively mine crypto-currency.
By exploiting the vulnerabilities in applications built with Apache Struts, the same vulnerabilities that led to the notorious Experian hack, it's estimated that hackers walked away with at least $100,000 in crypto-currency.”
The results, as you may have imagined, can be catastrophic. What you may have thought was a safe crypto currency transaction may have been hijacked.
Cryptojacking Scores Billions
Cryptojacking is clearly a problem that is not going away. There has been a 400% jump between 2017 and 2018. Aditi Hudli validates this on Coindesk.com:
“Instances of cryptojacking malware have jumped more than 400 percent since last year, a new report finds.
A collaborative group of cybersecurity researchers called the Cyber Threat Alliance (CTA) published the report Wednesday, detailing the various and repercussions from cryptojacking – the illicit practice of hijacking a user’s computer to mine cryptocurrencies.
Most notably, CTA points out in the research that the number of instances of illicit mining malware found has sharply spiked in the months from the close of 2017 to end of July 2018.”
With increased frequency comes increased losses which in turn spawns increased interest in cyber criminals adding to the cryptojacking statistics. We’ve covered this subject in a previous blog titled “Preventing Malware Like PyroMine”, but even more significant recent cybercriminal successes bear identification:
- Crypto-jackers slip Coinhive mining code into YouTube site ads
- Hackers Cryptojack Tesla’s Cloud to Mine Monero
- Malicious Docker Containers Earn Cryptomining Criminals $90K
- Cryptocurrencies Plunged by Billions of Dollars Because a Minor Exchange Got Hacked
You Can’t Remediate Lost Coins
Coin providers will need to put much stricter security regimes in place to prevent cryptojacking. You should only consider solutions that use deep inspection and analysis methods which can interpret and detect malicious code in real time and immediately block threats, preventing unwanted code affecting your coin vault.
Your solution should ensure that every line of code is evaluated, making evasion techniques ineffective. Bottom line is that your users will be much happier now that content is flowing faster and safer throughout your organization and finance will be happier with the reduced expenses.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!