From a single device to entire networks, they infect as many devices as they can in order to mine for cryptocurrency on, or while using, other people’s computers.
Cryptomining and cryptojacking are two terms that are commonly used when discussing this topic. The two are distinguished as follows:
Cryptomining is the act of doing all the necessary - and, quite frankly, very complex - effort required to generate and work with cryptocurrency. It can be either legitimate or malicious, which is determined by several factors, most significantly whether you consciously agree to it.
Cryptojacking is malicious cryptomining. The cyber crooks get code onto your devices without your permission to mine for cryptocurrency using your equipment and your resources, then keep all the proceeds. Cryptojacking might sound relatively harmless at first - it doesn’t need to read your personal data, or even access your file system. However, the downsides are still very significant:
1. Unbudgeted operating expenses from powering computers to work for someone else.
2. Opportunity costs, because legitimate work gets slowed down. You think your computer is slow now; wait until you get cryptomining software on it!
3. Security risks from who-knows-what untrusted programs and network connections.
4. Reputational and regulatory costs of reporting, investigating and explaining the cryptomining activity.
5. Ethical concerns of allowing employees to mine using your resources.
These risks are real, and you need to decide if your business can afford to ignore them. Your business needs to form an opinion on what your policy on cryptomining is. While the view on cryptojacking is simple - it should never be allowed - the view on legitimate mining varies from business to business.
Cryptomining in businesses
Some companies will allow legitimate mining on company resources, while others will not. Again, there is an ethical component to allowing employees to use company resources, including the hardware, electricity, and ongoing running costs, to perform legitimate cryptomining. You can also ask yourself: Does this make the employee the bad guy?
Of course, not all cryptomining is cryptojacking; some is legitimate. However, from an IT perspective, it can be almost impossible to distinguish between them. For example, it’s possible for a crook to turn a legitimate mining program into a malicious one, simply by changing a config file. The owner wouldn’t notice that their resources have been “stolen” until they don’t get paid. Also, how can you block malicious cryptojacking versus legitimate mining if they look the same?
Given the security, reputational and regulatory issues that in-house cryptomining poses to a business, and the difficulty of distinguishing between legitimate and malicious mining, Sophos strongly advises that your default position should be to stop it.
When it comes to stopping cryptojacking there is no silver bullet. Just like protecting yourself against ransomware, you need to take a layered approach to protection.
2. Stop cryptomining malware at every point in the attack chain.
3. Prevent cryptomining apps from running on your network.
4. Keep your devices patched to minimise the risk of exploit-related attacks.
5. Use mobile management technology to ensure that native mobile apps aren’t present on your mobile phones or tablets.
6. Educate your team: make clear that cryptomining is not an acceptable use of company resources or power, and explain traditional malware attack vectors such as phishing and how they can protect themselves.
7. Maintain a strong password policy.
8. Keep an eye out for the telltale signs that you’ve been cryptojacked: slow network, a soaring electricity bill and a spike in CPU consumption.
Harish Chib is the vice-president for Middle East and Africa, Sophos.
The views expressed here are not necessarily those of Independent Media.
- BUSINESS REPORT