It’s a Bird, It’s a Plane, No… It’s Cryptojacking!
You attempt to log on to your computer, but it is non-responsive. Other users are also having trouble logging on. The system becomes so slow that it is non-functional. Is it an encryption attack? Is there some sort of malware affecting the network that will result in some form of extortionate demand? Or is it something else? Could it be that someone has “cryptojacked” the network?
What is “cryptojacking”?
“Cryptojacking” is the unauthorized use of computing and network resources to generate cryptocurrency such as Bitcoin, Ethereum, or Monero. New units of these currencies are created, or “mined”, by spending significant computing power on cryptographic puzzles. Cyber criminals prefer to mine anonymously and at someone else’s expense, so they steal the computing power of others. Cryptojacking has become a serious cybersecurity threat because it involves malicious actors penetrating an enterprise environment, deploying malware that “mines” the cryptocurrency (consuming tremendous amounts of processing power and network resources in the process), and crediting the proceeds to wallets the perpetrators control.
What does “cryptojacking” look like?
Cryptojacking attacks are often mistaken for the early stages of a sophisticated ransomware attack. The cryptojacker malware beacons back to its command-and-control server and holds a persistent connection to a mining pool, traffic that can look like the early stages of ransomware deployment. The tremendous consumption of processing power often substantially slows or shuts down legitimate use of a system, making it look like a successful encryption attack. At the very least, it appears to be some form of malware adversely affecting legitimate use of the system.
What are the costs of cryptojacking?
The most obvious cost associated with cryptojacking is the electricity consumed. Although electricity itself may be relatively inexpensive, when cryptojacking displaces the intended use of a network, impeding legitimate use and adversely affecting authorized revenue streams, the cost rises immediately. Depending upon the business sector of the victim network, these costs can be substantial. Consider a manufacturing plant shut down because no computing power is left to process its data, or a facility that must remain physically secure losing that security because the malware is beaconing out through its networked locking systems. The consequences can be devastating.
The costs of investigating the network interruption can also be substantial. Due to the nature of the intrusion, the digital forensics investigation may need to be expansive. Cryptojacking attacks, much like encryption attacks, often involve the deployment of credential-stealing malware and tools such as Emotet, TrickBot, or Mimikatz to gain access to the systems. Extended endpoint monitoring is typically necessary to identify and remove the malware from the network. Furthermore, the use of credential-stealing malware to gain system access can lead to the compromise of sensitive personal information. The compromise of this sensitive information may lead to the costly notification of consumers and regulatory authorities. As with any data security incident, there may also be reputational harm, which translates into economic harm. The bottom line is that a cryptojacking attack can be very expensive.
How can I prepare for cryptojacking?
As with any other data security incident, it is essential that all applicable security controls are enabled. More than ever before, intrusion detection systems and endpoint monitoring are necessary to identify the unauthorized use of network resources. Cyber preparedness assessments and incident response planning must be baked into any information security framework. This includes identifying and testing the response of internal and external (third-party) responders before any cryptojacking event occurs.
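To make the endpoint-monitoring point concrete, here is an added example (not code from the original post) of the kind of check a detection engineer would run over process-creation telemetry to surface the symptoms described above. The record format (host|pid|image|cpu_pct|command_line), the indicator list, the sample records, the placeholder wallet, and the reserved pool name pool.invalid are all assumptions of this example; the indicators themselves (Stratum pool URLs, XMRig-style switches, Monero-format wallet addresses, known miner binary names, and high CPU from a user-writable path) are common cryptominer tells, not signatures taken from the post.

```python
"""Flag cryptominer indicators in endpoint process-creation telemetry.

Added example; the record format, indicator list and sample data are this
example's own assumptions, not from the original post.
"""
import os
import re
from dataclasses import dataclass

# Indicators (assumed for this example):
#  1. Stratum mining-pool URL on the command line (stratum+tcp:// etc.)
#  2. Command-line switches characteristic of XMRig-style miners
#  3. A standard Monero wallet address: '4' followed by 94 base58 characters
#  4. Well-known miner binary names
#  5. Sustained high CPU from a binary in a temporary / user-writable directory
STRATUM_URL = re.compile(r"stratum\+(?:tcp|ssl|tls)://\S+", re.IGNORECASE)
MINER_FLAGS = re.compile(r"(?:^|\s)--(?:donate-level|cpu-priority|nicehash|coin)(?:=|\s|$)")
MONERO_ADDRESS = re.compile(
    r"(?<![1-9A-HJ-NP-Za-km-z])4[1-9A-HJ-NP-Za-km-z]{94}(?![1-9A-HJ-NP-Za-km-z])"
)
KNOWN_MINER_NAMES = {"xmrig", "xmrig.exe", "minerd", "cpuminer"}
SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "\\appdata\\local\\temp\\", "\\users\\public\\")
HIGH_CPU_PCT = 90.0


@dataclass
class Finding:
    host: str
    pid: int
    image: str
    reasons: list


def parse_record(line):
    """Parse 'host|pid|image|cpu_pct|command_line' (format assumed for this example)."""
    host, pid, image, cpu, cmd = line.rstrip("\n").split("|", 4)
    return {"host": host, "pid": int(pid), "image": image, "cpu": float(cpu), "cmd": cmd}


def score(rec):
    """Return the list of indicator names that match one parsed record."""
    reasons = []
    if STRATUM_URL.search(rec["cmd"]):
        reasons.append("stratum pool URL in command line")
    if MINER_FLAGS.search(rec["cmd"]):
        reasons.append("miner-specific command-line switch")
    if MONERO_ADDRESS.search(rec["cmd"]):
        reasons.append("Monero wallet address in command line")
    image = rec["image"]
    base = os.path.basename(image.replace("\\", "/")).lower()
    if base in KNOWN_MINER_NAMES:
        reasons.append(f"known miner binary name ({base})")
    # CPU load alone is a weak signal (builds, analytics and backups run hot too);
    # it only counts here when the binary runs from a typical drop location.
    if rec["cpu"] >= HIGH_CPU_PCT and any(d in image.lower() for d in SUSPICIOUS_DIRS):
        reasons.append("sustained high CPU from a user-writable path")
    return reasons


def scan(lines):
    """Scan an iterable of records; return one Finding per flagged process."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse_record(line)
        reasons = score(rec)
        if reasons:
            findings.append(Finding(rec["host"], rec["pid"], rec["image"], reasons))
    return findings


# Constructed sample telemetry. The wallet is a syntactically valid placeholder
# built from the base58 alphabet, not a real address; pool.invalid is a reserved name.
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
FAKE_WALLET = "4" + (_B58 + _B58)[:94]
SAMPLE_RECORDS = [
    "# host|pid|image|cpu_pct|command_line",
    "ws-014|4412|C:\\Windows\\System32\\svchost.exe|3.2|svchost.exe -k netsvcs",
    "ws-014|5120|C:\\Users\\Public\\kthreadd.exe|97.8|kthreadd.exe -o stratum+tcp://pool.invalid:3333"
    f" -u {FAKE_WALLET} -p x --donate-level=1",
    "srv-db-02|2210|/usr/sbin/mysqld|61.0|/usr/sbin/mysqld --datadir=/var/lib/mysql",
    "srv-web-07|31337|/dev/shm/.x/xmrig|99.1|/dev/shm/.x/xmrig --config=/dev/shm/.x/config.json",
    "build-03|8891|/usr/bin/python3|95.0|python3 train_model.py --epochs 50",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_RECORDS):
        print(f"{f.host} pid={f.pid} {f.image}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the constructed records, the scan flags the masquerading kthreadd.exe on ws-014 on four indicators and the xmrig process on srv-web-07 on two, while the busy but legitimate mysqld and python3 processes are left alone. That last case is the caveat a practitioner should keep in mind: CPU saturation by itself is exactly the symptom the post describes, but it is also what a build server or a database looks like under load, so a rule should pair it with where the binary lives and what it is talking to.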
An efficient response can mitigate the risk of this harm, but none of it is inexpensive. It involves the coordination of legal, financial, human resources, and communication/marketing functions, none of which is easy to navigate when you are in the middle of a crisis. The better exercised the response, the more efficient it will be. However, these expenses will pay off when a well-coordinated response is able to quickly detect or even prevent cryptojacking or other malicious exploits, minimizing the adverse impact.