PayThink

Crypto mining hackers are feasting on poor authentication and staff learning curves

Register now

Hackers are hijacking devices in order to steal their compute power and mine for cryptocurrency.

Cryptojacking, as this trend is called, is one of the fastest growing threats in cybersecurity. Attacks can be initiated through phishing emails that load cryptomining code onto a victim’s computer, or through infected websites that automatically execute code once loaded in a victim’s browser. In both scenarios, cryptomining occurs behind the scenes and can go unnoticed entirely. Cryptojacking is rising in popularity because it is difficult to trace and results in high payoffs for hackers.

Unfortunately, cryptojacking is now being combined with cloudjacking – which occurs when hackers steal processing and storage from enterprises’ cloud platforms. Through cloud cryptojacking, as this deadly duo is known, hackers use enterprise-level resources to mine cryptocurrency at an extremely accelerated rate. Naturally, this tactic is now being used to target many organizations.
To protect against cloud cryptojacking, an enterprise must be able to recognize the signs of an attack and understand how to respond. Below are some helpful tips to boost security and thwart cybercriminals’ malicious endeavors.

Educate Employees. Employees are typically a company’s first line of defense when it comes to most threats. As such, it is important to train them on how to identify cloud cryptojacking attacks; in particular, they must know how to recognize and respond to phishing, the age-old scourge of the enterprise. Additionally, employees must use complex passwords and change them regularly.

Authenticate Users. In addition to complex passwords, advanced security tools should be used to verify users’ identities. Multi-factor authentication (MFA) can require employees to provide an additional means of verification before they can log in to enterprise resources. For example, when users try to access a cloud service like AWS, they can be sent passcodes via text message or email that they will need to complete their login. This can help block malicious parties who are trying to invade companies’ cloud systems.

Promptly Install the Latest Security Patches and Software Updates. Software and security solution providers continually issue patches that fix vulnerabilities and help customers defend against threats. Unfortunately, far too many individuals ignore or delay installations, leaving endpoints and cloud services exposed.

Deploy Ad-Blocking Extensions. Many cryptojacking scripts are delivered through malicious websites or pop-up ads. Naturally, installing ad blockers helps to minimize this threat. Leading ad blocking tools can even detect cryptomining scripts and enable remediation.

Adopt Mobile Data Security Solutions. In the era of bring your own device (BYOD), it is incredibly challenging to deploy conventional mobile device management tools – employees resist having agents installed on their personal phones. Fortunately, there are now robust, data-centric solutions that can secure any endpoint without causing privacy and deployment headaches. These agentless solutions can even offer cybersecurity features that have historically been available only with agent-based tools.

As evinced by the rise of cloud cryptojacking, cybercriminals are always devising new ways to attack companies and make money. Fortunately, the above tips can help your business defend against this growing threat. Additionally, by following these best practices, organizations can be well prepared for the future and the continued evolution of cyberattacks.

For reprint and licensing requests for this article, click here.
Cryptocurrencies Authentication Digital payments ISO and agent
MORE FROM PAYMENTSSOURCE