“Cryptomining is in its infancy. There’s a lot of room for growth and evolution,” according to Marc Laliberte, threat analyst at WatchGuard Technologies, and the practice of cryptojacking is already rampant – continuing to increase in popularity as the cyber weapon of choice for malicious practitioners due to its low risk and high ROI.
For the unfamiliar – cryptojacking is a tactic hackers are using to mine cryptocurrency through the unauthorized use of an unsuspecting target’s computer. They often do this by duping victims into clicking a malicious link – typically via an email phishing scam – which then injects the cryptomining code into the user’s machine. Another common strategy utilized by cryptojackers is to infect a website or online ad with JavaScript code that will execute automatically once it’s loaded in the victim’s browser.
Cryptojacking code is easy to contract and tricky to detect by design, meaning this particular breed of cyberattack – which is rapidly growing in popularity among the crypto-driven cybercriminals out there – presents its own distinct set of challenges for individuals and businesses working on the web. This week, WatchGuard’s Information Security Threat Analyst, Marc Laliberte, sat down with CSO Online Senior Editor, Michael Nadeau, to discuss the ins and outs of cryptojacking and offer practical advice for preventing, detecting, and remediating these attacks. The following are a few small samples of some of the actionable advice from the interview:
How to prevent cryptojacking
Incorporate the cryptojacking threat into your security awareness training, focusing on phishing-type attempts to load scripts onto users’ computers.“Training will help protect you when technical solutions might fail,” says Laliberte. He believes phishing will continue to be the primary method to deliver malware of all types.
How to detect cryptojacking
Like ransomware, cryptojacking can affect your organization despite your best efforts to stop it. Detecting it can be difficult, especially if only a few systems are compromised. Don’t count on your existing endpoint protection tools to stop cryptojacking. “Cryptomining code can hide from signature-based detection tools,” says Laliberte. “Desktop antivirus tools won’t see them.”
How to respond to a cryptojacking attack
Update and purge browser extensions. “If an extension infected the browser, closing the tab won’t help,” says Laliberte. “Update all the extensions and remove those not needed or that are infected.”
To learn more about cryptojacking and additional methods of preventing, detecting and responding to this prolific malicious practice, check out the full story on CSO Online. Then, find out what other threats cryptocurrency could face in 2018 by reading this Secplicity post.
Leave a Reply