
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Defeat Cryptojacking Malware with Responsive Automation

February 27, 2020 By Stephen Helm

Responsive automation shortens time to detection and accelerates response by automating work that would otherwise require a skilled security analyst. For my money, there are few better illustrations of its value than the threat of cryptojacking malware.

Cryptojacking malware infects a system in order to mine cryptocurrency on the victim's machines. Bitcoin is the coin most people think of, but endpoint cryptojackers typically mine CPU-friendly currencies such as Monero, because mining Bitcoin on general-purpose hardware is uneconomical. Once the infection takes hold, the malware saps compute resources and bogs down critical servers, consuming an average of 25% of an endpoint's processing power. What's more, generating a single Bitcoin can cost the victim nearly $10,000 in energy alone. A higher power bill and sluggish machines might set off alarm bells, but few organizations could identify and remediate the threat on that information alone.

In fact, it takes an average of 206 days [1] for a business to detect a breach, a testament to how well skilled attackers hide in plain sight. An infection that took hold on January 1st would not, on average, be discovered until late July. For smaller organizations the problem is even worse: average time to detection is nearly 800 days [2]. It should come as no surprise that only 39% of businesses consider themselves highly effective at detecting threats. Sadly, most infections at midsize businesses are not detected by the victim at all, but by a third party who discovers the fallout through other means.

Even once a threat is detected, responding to it and recovering from it is another challenge. The average attack takes 73 days to be fully remediated [1]. Responding in a timely fashion can be the difference between a quick fix and a major security incident.

Without the right security expertise, many midsize businesses will be powerless to effectively manage the threat. Responsive automation makes it possible for these organizations to respond faster and stay up to date with the latest threat intelligence with minimal effort on the part of their IT teams.

How Responsive Automation can detect and kill cryptojacking malware:

  • Advanced detection techniques. Behavioral and statistical modeling make it possible to detect ongoing attacks by correlating security event information from different parts of your environment. Automation keeps the models behind these approaches current on the latest threats without IT teams needing to act.
  • Correlated threat scoring. Correlated threat scoring takes the guesswork out of the process. Assigning each indicator a score based on severity, then aggregating related indicators into a global incident score, makes it possible to uncover threats that would be nearly impossible to spot in isolation. In the case of cryptojacking malware, a CPU usage spike on its own is ambiguous; cross-referenced with attempts to connect to malicious servers outside the network, the two indicators together provide strong evidence of a threat.
  • AI-powered triage. Even with the guidance a threat score provides, IT teams can be left with a host of threats labeled suspicious. Investigating each one can claim a disproportionate share of your team's time, with the average business spending over 286 hours a week on indicators that turn out to be false positives [3]. Artificial intelligence trained to identify patterns humans may miss provides tremendous value here and lets you automate the triage of suspicious threats.
  • Automated response. With an effective threat scoring model in place, response can be highly automated: you dictate the actions the system takes when a threat reaches a given score. Machine infected? Automation can immediately isolate the endpoint from the rest of the network until it is returned to a known-good state. From there, malicious files can be quarantined, processes killed, and malicious registry keys removed without you lifting a finger. One caveat: an automatic isolation of a misclassified production server is an outage of your own making, so reserve disruptive actions for high-confidence scores and let lower scores raise an alert for a human to review.
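The list above describes a pipeline: detect indicators from different telemetry sources, weight each by severity, aggregate them per host into an incident score, and map that score to a response. As an added example (not code from the article or from any WatchGuard product), the Python below models that pipeline end to end. The CPU samples and connection records are constructed for the demonstration, the threat-intel list and the set of mining-pool ports are assumptions, and the severity weights and score thresholds are illustrative values you would tune to your own environment. The point it makes concretely is the one in the threat-scoring bullet: a CPU spike alone only earns a triage ticket, while the same spike on a host that also talks to a known-bad destination crosses the isolation threshold.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# --- Constructed sample telemetry (illustrative, not captured data) ---
# Per-host CPU utilisation samples in percent, oldest first. The first ten
# samples are the learned baseline; the last three are the current window.
CPU_SAMPLES: Dict[str, List[float]] = {
    "ws-01": [12, 15, 11, 14, 13, 12, 14, 13, 12, 13, 91, 95, 93],
    "ws-02": [20, 22, 19, 21, 23, 20, 22, 21, 20, 22, 21, 20, 22],
    "ws-03": [10, 12, 11, 10, 13, 11, 12, 10, 11, 12, 88, 90, 89],
}
# Outbound connections as (host, destination IP, destination port).
CONNECTIONS: List[Tuple[str, str, int]] = [
    ("ws-01", "203.0.113.45", 3333),
    ("ws-02", "198.51.100.7", 443),
    ("ws-03", "192.0.2.10", 443),
]
# Hypothetical threat-intel feed: destinations known to host mining pools.
KNOWN_BAD_DESTINATIONS = {"203.0.113.45"}
# Ports commonly used by Stratum mining-pool endpoints (assumption for the demo).
MINING_POOL_PORTS = {3333, 4444, 5555, 14444}

BASELINE_LEN = 10   # samples used to learn normal CPU behaviour
Z_THRESHOLD = 3.0   # standard deviations above baseline that count as a spike

# Severity weight per indicator type (illustrative per-indicator scores).
SEVERITY = {
    "cpu_spike": 3,
    "conn_known_bad_destination": 4,
    "conn_mining_pool_port": 2,
}
# Added when a host shows a resource indicator AND a network indicator together.
CORRELATION_BONUS = 3


@dataclass
class Indicator:
    host: str
    kind: str
    detail: str

    @property
    def severity(self) -> int:
        return SEVERITY[self.kind]


def cpu_zscore(samples: List[float]) -> float:
    """Z-score of the current window's mean against the learned baseline."""
    baseline, current = samples[:BASELINE_LEN], samples[BASELINE_LEN:]
    sigma = max(pstdev(baseline), 1.0)  # floor avoids divide-by-zero on flat baselines
    return (mean(current) - mean(baseline)) / sigma


def detect_indicators() -> List[Indicator]:
    """Raise behavioural (CPU) and network (threat-intel) indicators independently."""
    found: List[Indicator] = []
    for host, samples in CPU_SAMPLES.items():
        z = cpu_zscore(samples)
        if z > Z_THRESHOLD:
            found.append(Indicator(host, "cpu_spike", f"z={z:.1f}"))
    for host, dst, port in CONNECTIONS:
        if dst in KNOWN_BAD_DESTINATIONS:
            found.append(Indicator(host, "conn_known_bad_destination", f"{dst}:{port}"))
        if port in MINING_POOL_PORTS:
            found.append(Indicator(host, "conn_mining_pool_port", f"{dst}:{port}"))
    return found


def incident_scores(indicators: List[Indicator]) -> Dict[str, int]:
    """Aggregate per-indicator severities into one score per host, adding a bonus
    when a CPU indicator and a network indicator coincide on the same host."""
    scores: Dict[str, int] = {}
    kinds: Dict[str, set] = {}
    for ind in indicators:
        scores[ind.host] = scores.get(ind.host, 0) + ind.severity
        kinds.setdefault(ind.host, set()).add(ind.kind)
    for host, seen in kinds.items():
        if "cpu_spike" in seen and seen - {"cpu_spike"}:
            scores[host] += CORRELATION_BONUS
    return scores


def response_plan(score: int) -> List[str]:
    """Map an incident score to the actions the automation takes. Only the
    high-confidence tier gets disruptive actions; the middle tier is alert-only."""
    if score >= 8:
        return ["isolate_host", "kill_miner_process", "quarantine_binary", "remove_persistence"]
    if score >= 3:
        return ["open_triage_ticket"]
    return []


def run() -> Dict[str, Tuple[int, List[str]]]:
    """Full loop: detect -> score -> plan, keyed by host."""
    scores = incident_scores(detect_indicators())
    return {host: (s, response_plan(s)) for host, s in sorted(scores.items())}


if __name__ == "__main__":
    for host, (score, actions) in run().items():
        print(f"{host}: score={score} actions={actions}")
```

Running it shows ws-01 (spike plus a connection to the listed destination on a mining-pool port) scoring 12 and being isolated, ws-03 (spike only) scoring 3 and getting a ticket, and ws-02 raising nothing. The correlation bonus is what separates the first two cases; in a real deployment you would also feed the score back into the statistical model so that a confirmed incident tightens the baseline rather than poisoning it.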

Want to learn more about how WatchGuard can help accelerate breach detection? Download our eBook, The WatchGuard Automation Core: Building an Intelligent, Autonomous, and Extensible Perimeter, or try our Security Automation ROI Calculator.

[1] Verizon, 2019 Data Breach Investigations Report. https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf

[2] TechRepublic, "Cybersecurity: Malware lingers in SMBs for an average of 800 days before discovery." https://www.techrepublic.com/article/cybersecurity-malware-lingers-in-smbs-for-an-average-of-800-days-before-discovery/

[3] Exabeam, SIEM Productivity Study (2019). https://www.exabeam.com/wp-content/uploads/2019/07/Exabeam-SIEM-Productivity-Study.pdf
