If 2017 was the year of ransomware attacks, then 2018, as far as it can be defined by malware, was the year of “Cryptomining”.
In early 2018, the cryptocurrency market reached unprecedented highs, which led to an extraordinary increase in the mining of these same cryptocurrencies, whether legal or illicit. And today, as skyrocketing cryptocurrency prices and the bitcoin bubble (is it fair to call it a bubble now?) have seen a terrible comeback, criminals continue to wreak havoc by using Cryptomining to mine lesser-known alternative currencies, such as Monero.
In this article, we'll explain the basics of Cryptomining, as well as how you can detect and block it on your network.
What is Cryptomining?
Cryptomining is, you guessed it, diverting the computer resources of a third party to mine cryptocurrency. Usually, scripts are run in the background on websites. But it is also possible to hijack machines and servers to run real cryptocurrency mining software, installed either by malware or by a malicious collaborator.
Or, to put it another way, imagine a stranger using your home while you are at work, using water, electricity, and heat. It's a bit like that.
For hackers, the advantage is clear: They can mine cryptocurrency without paying the astronomical electricity bills that this activity typically generates.
But I know what you are thinking: mining cryptocurrency on a processor is remarkably ineffective. The process is damaging to your hardware and quite simply inefficient in terms of the energy used compared to the amount of currency mined. Therefore, unless you have a powerful GPU, you should be protected against Cryptomining, right? Not really, no. For Cryptomining hackers, these drawbacks are moot points. Think about it: if thousands of users are running your script, diverting their computing power and electricity to do the mining for you, Cryptomining is essentially free money, and this is very tempting for anyone with bad intentions. Not to mention the fact that mining Monero requires far fewer resources than traditional Bitcoin mining.
Is Cryptomining a Real Threat?
Cryptomining is certainly one of the new buzzwords on the internet. But beyond that, does it represent a real threat? The answer is simple: Yes.
Some recent reports specifically show the potential profitability of cryptocurrency mining. In one specific case, hackers created a cryptocurrency-mining botnet, called "Smominru" by security experts, which controls more than 520,000 machines (a botnet almost as large as the Mirai botnet that nearly broke the Internet in 2016) and has amassed nearly $2.3 million in cryptocurrency. The profit is substantial and strongly encourages other people to follow suit. And apparently many did...
And reports confirm this. Cryptomining made all the headlines in 2018: Cryptomining has been very popular for a few years. In 2017, it increased by 8,500% and its popularity surpassed that of "ransomware," according to research by Symantec. In fact, in their State of Malware report, Malwarebytes researchers state that very quickly, “anyone engaging in some form of cybercrime was likely to be flirting with mining cryptocurrencies”.
The headlines confirm this forecast. In recent months, Cryptomining has been flooding the news, from the most ordinary browser scripts to industrial-scale control and data acquisition systems infected with cryptocurrency mining software. In an extraordinary case, a Russian scientist was arrested for mining cryptocurrency on a supercomputer in a nuclear laboratory.
Moreover, the Cryptomining epidemic is not only costing victims resources. It can actually destroy their equipment. A type of Android "malware" called Loapi mines cryptocurrency so aggressively that it can actually cause physical damage to the device on which it is executed.
With all of this in mind, it can certainly be said that the threat of Cryptomining is real. And it is not going to go away. So how do you protect your network from Cryptomining hackers who are looking to burn your resources, whether they are hackers running mining scripts in browsers or malicious employees trying to exploit powerful computer systems?
Basic Steps
Apply Patches to Your Systems
This first step is fundamental to protect yourself against thousands of attack vectors. It is essential in any case, and worth repeating: always keep your machines updated with the latest patches. ESPECIALLY if the patch notes mention some form of security vulnerability.
Applying patches and security updates is a simple step to keep your network safe from Trojans containing cryptocurrency miners. When it comes to Cryptomining, every day is “Patch Tuesday”. Obsolete applications and operating systems are a favorite attack vector for offenders. But it's a vector that you can easily close. So do it. Case in point: Smominru, the 500,000-machine cryptocurrency mining botnet mentioned above, exploits certain vulnerabilities that have been patched for a long time, for example, EternalBlue and EsteemAudit, in order to take control of Windows machines. By applying the necessary patches on your machines and eliminating these vectors of
Block Your Attack Vectors
Admittedly, the application of the patches is a crucial step. However, even a system that is updated with the latest patches can be vulnerable if a user goes to the wrong site or installs the wrong application. This is why it is important to take a multidimensional approach to block Cryptomining hackers, especially those who exploit browsers.
The easiest solution to this problem would be to block the execution of JavaScript in browsers on your network. But this would seriously degrade the browsing experience. I can already imagine the number of tickets and complaints from users. Therefore, in most cases, it's probably best to take a more nuanced approach. For example, you can blacklist prohibited domains or use software or plug-ins to do it for you.
Many antivirus products, such as BitDefender, Protegent360, or Malwarebytes, automatically block mining scripts, such as the CoinHive miner's JavaScript, by blocking access to their domains and IP addresses. These solutions should also be able to detect and block exploits like EternalBlue, which can cause far more problems than just Cryptomining. If you don't already have a security system like this, we strongly recommend that you purchase one.
When it comes to free solutions, NoCoin, Coin-Hive Blocker, and MineBlock are all robust options for blacklisting cryptocurrency mining domains. You can also use ad-blocking software like uBlock Origin (my personal choice). The other option is to create your own blacklist, although it will probably be difficult to keep up to date.
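As an added example (not from the original article), here is one way to keep your own blacklist and check web proxy logs against it, so that you can see which clients are reaching mining domains. The log format, the `.example` domains, and all function names are assumptions made for illustration; `coinhive.com` stands in for the CoinHive miner named above.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed blocklist: coinhive.com is the miner named in the article;
# the .example entries are placeholders, not real mining domains.
BLOCKLIST_TEXT = """
# hosts-style and bare entries are both accepted
0.0.0.0 coinhive.com
pool.miner.example
Stratum.Example.
"""

# Constructed proxy log lines: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2018-03-01T09:14:02Z 10.0.0.15 GET https://coinhive.com/lib/coinhive.min.js 200
2018-03-01T09:14:05Z 10.0.0.15 GET https://ws001.coinhive.com:443/proxy 101
2018-03-01T09:15:11Z 10.0.0.22 GET https://notcoinhive.com/index.html 200
2018-03-01T09:16:40Z 10.0.0.31 GET http://POOL.miner.example:3333/ 200
malformed line
"""

def normalize(host):
    return host.strip().rstrip(".").lower()

def load_blocklist(text):
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            domains.add(normalize(fields[-1]))  # last field is the domain
    return domains

def is_blocked(host, blocklist):
    labels = normalize(host).split(".")
    # Match the host itself or any parent domain, on label boundaries only.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan_proxy_log(log_text, blocklist):
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        host = urlsplit(parts[3]).hostname
        if host and is_blocked(host, blocklist):
            hits[parts[1]] += 1
    return dict(hits)

if __name__ == "__main__":
    print(scan_proxy_log(SAMPLE_LOG, load_blocklist(BLOCKLIST_TEXT)))
```

Matching on whole labels catches subdomains of a listed domain while leaving lookalike names such as `notcoinhive.com` alone, which a plain substring search would flag by mistake.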