2019: Beware a New Wave of Crypto Mining Abuse
Crypto mining is the critical component that built the very foundation of cryptocurrency and blockchain. Fortunes have been made and lost in the world of cryptocurrency and the satellite industries that surround this exciting space. It seems, however, that anywhere trade and technologies exist, malfeasance soon finds its way to them. Cryptocurrency is no different. Malware has long been one of the security banes of organizations everywhere. At some point, malware was combined with crypto mining, and security organizations have faced a new plague known as “cryptojacking” ever since.
In late 2018, McAfee Labs reported that cryptojacking malware activity rose by 4,000 percent in that year alone. Four Thousand Percent. Cryptojacking malware hijacks a user’s system in order to use its resources and processing power to mine cryptocurrencies. The object of this type of malware is to remain undetected, to re-infect, and to remain under the control of the attacker.
The Internet of Things (IoT) is extolled for its power, information, utility, and flexibility. Across the globe, IoT can be described as simple, interconnected endpoint collectors and distributors of information such as sensors, temperature indicators, surveillance systems, and more. The staggering scale of these IoT systems is now numbered in billions. As a result of lax security standards and low to non-existent management, many of these IoT devices are justifiably perceived as vulnerable.
In late 2016, the Mirai botnet exploited the very nature of IoT systems and in the process, brought a considerable part of the internet to a grinding halt. Poorly secured devices proved to be at fault in the Mirai botnet case. The attack leveraged default passwords deployed on millions of endpoint devices to create a controlled Distributed Denial of Service (DDoS) attack against core DNS systems. As a result, a sustained interruption of availability was experienced throughout the United States and beyond.
It is reasonable to predict that with the rise in cryptojacking being reported, IoT will soon be the next platform under its scope. That is because the security measures in this field are by nature easily defeated and poorly managed.
Among the various benefits of cryptocurrency, perceived anonymity, security, and privacy features are particularly attractive. For the very same reasons, cryptocurrency also appeals to cyber criminals.
Additionally, the scale of benefit versus the engineering effort of an attack paints a tempting picture. While most IoT endpoints are low-processing and low-power in nature, most use only a fraction of their available power. At scale, with hundreds, thousands, even millions of devices under an attacker’s control, the impact of a potential IoT cryptojacker is collectively significant.
Reactions and Prevention
An organization cannot feasibly be expected to protect IoT devices out in the wild, particularly those from other manufacturers and outside parties. The IoT cryptojacking threat is an external threat that could manifest in ways designed to propagate, disrupt, and exfiltrate, with the leverage of scale wielded against an unsuspecting organization. Within the organization, cryptojacking may emerge from a variety of sources including web pages, software installs, desktop infections, email attachments, and many more.
The best defense against internal threats is to turn controls and observation inward, to detect activity and incidents that originate within the network itself and act accordingly. Protections such as multi-factor authentication, role-based account administration, network hardening, and web application firewalls create an enhanced protection profile.
Additionally, the threat from the outside, as in the case of IoT malware, is too significant to ignore. Attacks affecting an organization are typically sourced from and/or targeted at systems throughout the web. As part of a threat intelligence program, a tool such as Threat Intelligence Platform can help identify rogue networks and untrusted sources, and add context to suspicious behaviors within and against a company’s network.
Threat intelligence should be linked to every incident response as a post-mortem or research action. Security teams leverage the power of information to find suspicious sources of network activity, such as those that surround cryptojacking. For example, much of a cryptojacker’s malicious activity may be encrypted through hijacked or unsigned keys, making normal detection extremely difficult. However, with the information available through analysis in the Threat Intelligence Platform, correlating target and source information makes the identification of activity and relative risks a simpler task that produces actionable results.
For 2019, Threat Intelligence Platform recommends a trial subscription to help organizations strengthen and establish internal threat intelligence programs while heading off potential attacks.