Compared to ransomware or data breaches, cryptojacking might seem like a minor annoyance. Learn how it is changing and what you can do to guard against it.
Cryptojacking might not seem as dangerous as ransomware or data breaches since cybercriminals are stealing a computer’s processing power rather than money or data. However, companies that dismiss this threat might be putting their businesses at risk. Cryptojacking malware is becoming increasingly sophisticated, which could spell trouble for companies unprepared for it.
The Changing Face of Cryptojacking
Cryptojacking was born from people’s need for more computing power so they could mine (aka earn) cryptocurrencies such as Bitcoin and Monero. These “miners” typically used website scripts that siphoned processing power from a visitor’s computer, without that individual’s knowledge or consent. When the person left the site, the siphoning stopped.
It wasn’t long before cybercriminals started using these scripts to get computing power for their exploits. Sometimes, they added these scripts to their own malicious web pages. Other times, they hacked into legitimate sites and insert the scripts there.
Since cybercriminals have entered the scene, cryptojacking malware has become more sophisticated. In addition, the hackers are becoming more creative in ways to deliver it.
Take, for example, the cryptojacking malware known as PowerGhost. When it was first discovered in July 2018, Kaspersky Lab researchers found that cybercriminals used phishing emails to gain initial access to a computer. Once the machine was infected, the malware used credential-stealing and remote-administration tools to spread itself to other machines in the local network. To make matters worse, some newer versions of PowerGhost have the ability to disable antivirus programs such as Windows Defender.
Another sophisticated program is PyRoMine, which Fortinet researchers found in April 2018. Besides stealing processing power, it creates a backdoor account with administrator-level privileges, enables the Remote Desktop Protocol (RDP), opens the RDP port in the Windows Firewall, and makes several other system changes so that the cybercriminals can remotely access the computer at a later time. The program even configures the Windows Remote Management Service to allow the transfer of unencrypted data.
As PowerGhost and PyRoMine illustrate, cryptojacking malware can create footholds in computers that hackers can later exploit. They could, for example, use these footholds to infect the computers with a different kind of malicious program, such as ransomware.
This might already be taking place. Companies infected by cryptojacking malware were found to have a larger number of other types of malware infections compared to businesses that did not experience any cryptojacking attacks, according to Fortinet’s “Quarterly Threat Landscape Report” for Q3 2018. However, this is only circumstantial evidence that cryptojacking leads to other malware attacks, which the Fortinet researchers acknowledged. They noted, “We attempted to establish a definitive causal relationship, and while those tests showed statistically significant results, they fell short of the burden of proof needed for a guilty conviction.” The researchers are planning to further explore this relationship in future reports.
How to Guard against Cryptojacking
In the past, you just had to prevent malicious scripts from running in web browsers to guard against cryptojacking. Nowadays, a more widescale approach is needed, including:
- Making sure that computers’ operating system software and apps are updated so that known security vulnerabilities are patched. Both PowerGhost and PyRoMine exploit unpatched security vulnerabilities in Windows operating system software to create their footholds.
- Making sure your security software is up-to-date. This can help guard against known cryptojacking code. It can also help protect computers from other types of malware that might be installed through footholds created by cryptojacking malware.
- Educating employees about phishing emails and unsafe web browsing habits. As PowerGhost demonstrates, phishing emails can be used to gain initial access to a computer. So, employees need to know the dangers associated with clicking links in emails and opening files attached to them. Similarly, they should be taught about unsafe browsing habits, such as clicking links without knowing where they lead and visiting questionable websites.
- Using a DNS filtering solution to block malicious sites that your firewall may not be aware of.
- Inspecting your website. If your business hosts a website, you might want to make sure that hackers have not placed a cryptojacking script on it.
There are also other measures you can take, such as monitoring your computer systems and network for unusual activity. We can evaluate your business and provide specific recommendations on how to defend against cryptojacking and other types of malware. Contact us to schedule a free network audit to ensure your systems are protected.