As the cost to mine cryptocurrencies continues to increase, people are looking for ways to boost their mining bang for buck. With energy costs rising, it actually costs more to mine many coins than their current face value. As a result, some recent data points to cryptojacking software – that mines for cryptocurrencies without your consent or knowledge – becoming increasingly prevalent and impacting about a quarter of businesses in the ANZ region. What can you do about it.
Fortinet’s most recent Threat Landscape Report says the prevalence of cryptomining malware more than doubled from quarter to quarter, growing from 13 per cent to 28 per cent. And the bad guys are getting smarter with new fillers attack tools able to inject malicious code into web browsers and avoid detection.
The mining software can target multiple operating systems to produce different cryptocurrencies including Bitcoin, Dash, and Monero.
Interestingly, Malwarebyes says in their recent report, that Australia saw a decrease of 3.8 per cent from 147,721 detections in Q1, to 142,107 in Q2. And New Zealand saw a similar but more dramatic reduction.
Regardless of which way the numbers are tracking, and let’s not forget the data from two quarters is not a trend, we are seeing a significant security threat emerge. Although I was surprised to find this isn’t a new problem but has been around since around 2009 according to FireEye.
There was a case earlier this year when over 4000 government websites across the world, including many in Australia, used an plug-in that reads webpages out for people who are visually impaired that was infected, resulting in visitors to those sites mining cryptocurrencies for criminals.
Jack Chan, the Network and Security Strategist at Fortinet ANZ said “We also continue to see certain organisations more susceptible to attack, such as healthcare, education and local government. With threats continuing to rise, following best practice and tracking, monitoring, automating patching and applying the necessary security controls is essential for local enterprises”.
Unlike traditional malware, cryptojackers aren’t interested in your data. They simply siphon CPU cycles from a system.
That means you’ll need to ensure your security monitoring includes looking for unexpected or unusual spikes in processor usage. While some cryptojacking malware only operates when a specific webpage is open, newer forms are loaded when you visit an infected webpage but stay in your system’s memory and keep running even when you close down the webpage.
As new cryptojacking software emerges, you’ll need to ensure your endpoint and other security measures are up to date so you can detect and block. You’ll also need to ensure your monitoring outbound network traffic as once coins are mined the bad guys will be communicating from the affected endpoints to some central node.