‘Normal’ web security can’t stop cryptomining attacks
Cryptomining attacks can be surprisingly hard to detect with slower performance and increased latency potentially going unnoticed for extended periods of time, and even when variations are noted, they can be mistakenly attributed to other causes.
Undetected for extended periods of time, the attacker can lay cryptomining scripts for future malware or ransomware attacks. This can create quite a bit of work for an organization to find all these infections, eradicate them and prevent the attacker from returning.
All too often, the first indicator of compromise is from a sharp spike in CPU usage versus a detection of the actual attack.
Regrettably, antivirus solutions, firewalls, secure web gateways and URL filtering cannot reliably detect cryptominer code and have proved ineffective at preventing it from auto-executing within endpoint browsers. Attackers are also now increasingly targeting IoT devices, which may not have the same level of security controls available or applied.
Detecting lateral movement within the network has traditionally been hard for organizations, making it much easier for them to miss this form of attack. A different approach to a perimeter-based defense — or attempting to find this through some form of behavioral or traffic analysis — is needed.
As a first step, employ cybersecurity best practices by patching known vulnerabilities and improving defenses and education against spam and phishing campaigns.
Next, prevent unauthorized lateral movement to disrupt an attacker’s ability to install malicious cryptominers.
Integrating deception technology into existing IT security controls can be a powerful resource for defenders in gaining early visibility to in-network threats. By making the attack harder with decoys and misdirection, an adversary is more likely to get deterred as it is forced to decipher what is real and what is fake. This will change the economics of the attack and impact their ROI where it may no longer be financially motivating to continue the attack.
Implementing these best practices can materially impact the feasibility and likelihood of an adversary’s success on a cryptocurrency mining attack.
When network defenders improve their cyber hygiene and lay traps to misdirect illicit cryptocurrency miners, there is a strong chance that the attacker will seek an easier target or simply become disenchanted as the complexity of both the network infrastructure and their costs become too great.