Cryptojacking The growing two-headed threat: cryptojackers paired with ransomware

MassMiner is an interesting example because it uses many exploits for various vulnerabilities in one payload. Exploiting unpatched flaws in Oracle WebLogic, Windows SMB, and Apache Struts has earned close to $200,000 worth of Monero cryptocurrency for MassMiner’s creators. Alex Archondakis, a member of the BCS Internet Specialist Group, reports on CryptoJacking, and explains how people and organisations can protect themselves from the practice. Here are GlobalSign and Net at Works 7 factors on how to increase email security with automated encryption. Of course, machines working harder than they should can be an indication of many different types of attack, but any sudden decrease in performance should be taken as a flag to investigate potential infection.

One of the tell-tale signs of cryptojacking is a decrease in computing performance on any of your computing devices. Encourage your staff to report instances of slow device performance immediately.

Monitor Firewall Traffic

Ransomware is malware, so it can generally be avoided in the same ways that malware can. Endpoint protection tools like antivirus are essential – keeping them updated regularly, even more so. Don’t get us wrong, the widespread adoption of HTTPS/TLS is great for keeping data safe in transit, but there’s far more to cybersecurity than What is cryptojacking a mere padlock symbol. It’s also worth considering the fact that many people now deem sites that display the padlock icon as “safe”. In reality, anyone can purchase a security certificate for their website for around £30 – it’s not an objective stamp of all-round security approval, it’s just the tech needed to use HTTPS on a site.

As the most popular and valuable cryptocurrency on the market, Bitcoin might seem like the obvious choice for hackers. This, however, is not the case, with the vast majority of attacks mining the open-source cryptocurrency, Monero. Recent research has found that the level of illicit cryptocurrency mining is closely aligned with the value of Monero. The research also found that the volume of illicit mining detected in the wild increased in line with the rising value of Monero.

A short definition of Cryptojacking

According to an Enisa report, there was a 30% year-on-year increase in the number of cryptojacking incidents in 2020. The second method is to place a script on a website or an ad delivered to several websites. When a victim visits an affected website or clicks on an infected ad, the script automatically runs.

Defend Your Remote Workforce with Cloud Edge Secure access to corporate resources and ensure business continuity for your remote workers. Whichever method is used, crypto mining code then runs in the background of a victim’s computer and generates profits for an attacker. For most users, the only indication they’ve been cryptojacked is slightly slower performance, which is why these attacks are so hard to detect. As malware is often used as the first step to infect target computers with malicious code for ransomware attacks, data theft and cryptojacking, your security software needs to help you identify and prevent these malicious scripts. Encrypted threats are cyber threats – generally malware of some sort – that reach victims’ devices or networks through encrypted web traffic.

How to Protect Yourself from Cryptojacking

The most popular is through the installation of some type of malware on the victim’s computer, but this is not always the case. The mining of cryptocurrencies can also be carried out without installing any software and through the browser. Use application controls that narrow the software allowed to run to a minimum, preventing the installation of cryptomining malware. CryptoJacking or ‘drive-by mining’ is quickly becoming a popular attack vector amongst hackers due to the rise in crypto currencies. Even though the market is currently struggling there are now over 1,500 different types of crypto currencies with some investors seeing huge profits over a very short time. Organizations can make a list of URL/IPs of infected cryptojacking sites and domains of crypto-mining pools to block.