No Ransomware? Your Data Could Still Be At Risk
Over the course of 2017, businesses were on high alert for ransomware, a form of malware that steals files and demands funds in exchange for their return. But just as IT teams and staff were getting a handle on ransomware, the threat began to dissipate. In 2018, the major threat to business security took a turn. Enter: crypto mining.
What Is Crypto Mining?
Though crypto mining is another manifestation of malware, from a security standpoint it helps to understand its purpose and why this particular mode of infection is on the rise. In essence, companies that issue cryptocurrencies like Bitcoin, Ethereum, and Verge need to validate their deeply encrypted transactions. To do this, they “mine” or harness CPU power from vulnerable systems and consequently slow down your devices.
Mining Prevention 101
Miners can latch onto your company’s computer systems in several ways. One of the most common ways they get in, though, is via BYOD-based leaks. Since most home users lack robust security systems, allowing employees to use personal devices at work can leave your whole system vulnerable. One false move and your whole company will be deep in the digital mines.
To prevent crypto mining, your company should block access to crypto mining pools. Here’s a list of mining pool domains and IP addresses your firewall can use as a blacklist. You should also be using a security system that scans for this kind of malware so that any stray mining activities can be promptly shut down.
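One way to apply such a blocklist to outbound connection logs, shown as an added example that is not part of the original article. The domains, addresses and four-field log format are constructed placeholders, not real mining pools or a real firewall's output.

```python
import ipaddress

# Constructed blocklist entries (placeholders, not real mining pools).
BLOCKED_DOMAINS = {"pool.miner-example.test", "xmr.pool-example.test"}
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.17/32")]

# Constructed log lines: timestamp, internal host, destination, port.
SAMPLE_LOG = """\
2018-03-01T09:14:02 10.0.4.21 www.example.com 443
2018-03-01T09:14:05 10.0.4.21 eu.pool.miner-example.test 3333
2018-03-01T09:15:40 10.0.7.9 198.51.100.17 14444
2018-03-01T09:16:11 10.0.7.9 notpool.miner-example.test 443
2018-03-01T09:17:30 10.0.2.5 XMR.Pool-Example.test. 80
malformed line
"""

def is_blocked(dest):
    """True if dest is a blocked IP, a blocked domain, or a subdomain of one."""
    dest = dest.strip().rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        # Not an IP: compare every label suffix, so eu.pool.x matches pool.x
        # while notpool.x (a different label) does not.
        labels = dest.split(".")
        return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))
    return any(addr in net for net in BLOCKED_NETS)

def find_mining_hosts(log_text):
    """Return {internal_host: [blocked destinations]} for the given log text."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, host, dest, _ = fields
        if is_blocked(dest):
            hits.setdefault(host, []).append(dest)
    return hits

if __name__ == "__main__":
    for host, dests in find_mining_hosts(SAMPLE_LOG).items():
        print(host, "->", ", ".join(dests))
```

Matching on whole DNS labels rather than substrings avoids flagging unrelated hostnames that merely contain a blocked name, and normalizing case and the trailing dot keeps trivially altered lookups from slipping past the list.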
Spotting The Sources
Besides installing appropriate security protocols, your company’s best defense against crypto mining is knowing where these attacks stem from.
One of the earliest major crypto mining attacks, launched in May 2017, is powered by the same software as the WannaCry attacks, known as EternalBlue. This particular attack releases a botnet into vulnerable machines to turn them into mining operations. At its peak, there were over half a million infected computers mining the Monero cryptocurrency. Businesses are a favored point of attack because the botnet targets servers rather than individual computers. After all, you turn your computers off, which turns off mining. You don’t turn off your server.
Advertisements are another key source of crypto mining attacks, and a particularly insidious one. In late January 2018, for example, crypto mining infected some DoubleClick advertisements via Google’s ad network. These ads are supposed to be revenue generators for businesses, but instead they were hijacked as entry routes into end users’ computer systems.
Ads are such excellent vectors for crypto mining that Salon.com is actually testing them out as a monetization strategy to undercut ad-blocking software. Though at least Salon is being transparent about their intention to turn computers into crypto mining operations – and staff definitely shouldn’t use the site at work – it should make security officers wonder how many other outlets are secretly monetizing your company’s system.
What’s The Risk?
Though crypto mining is ostensibly just unauthorized use of computer power, its security risks are serious. First, because the goal of crypto mining is to operate covertly in the background of traditional operations, you run a very immediate risk of transmitting the associated malware to customers and business partners.
In addition to stealing your productivity power by using your server, the very presence of crypto mining means someone is playing around in your files. They may not be explicitly interested in your data, but that doesn’t mean they’ll leave it all untouched. Prior forms of ransomware scrambled files and inserted more malicious attacks. Evolving crypto mining forms could combine the two to take over greater amounts of CPU power by denying your business access to its own server.
Crypto mining as a security breach is so insidious precisely because it seems harmless, but what security professionals and C-suite officers need to recognize is that system protection is at the heart of the matter. If there’s a breach for crypto mining software to get in, then there’s also an opening for other forms of malware.