Six tips for securing your organisation against cryptojacking

website_design-creating_personal_concepts-undefined

Six tips for securing your organisation against cryptojacking

1920 1080 Pro Web Design



Cryptojacking involves secretly stealing the processing power from a computing device to mine cryptocurrencies. Whilst originally confined to victims unwittingly installing a cryptocurrency mining program on their machines, attacks have now expanded to in-browser cryptojacking that simply involves inserting a few lines of code into a browser plug-in.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

This now makes it quicker and simpler to carry out and much harder to detect unless security teams are aware of the indicators and mechanisms of compromise.

With such a small payload, it is easy to infect multiple websites at the same time, making it an attractive weapon for cyber criminals. The UK alone has seen a 1,200% increase in cryptojacking attacks from just last October to this January.
Despite the upward trajectory of attacks, it is possible to defend against. Below I’ve listed six steps for securing your organisation against cryptojacking:
1. Disable Java in browsers
Cryptojacking can be accomplished with a few lines of Java code hidden on a website. Every time an individual visits a corrupted website, the browser can be infected and a java script automatically run to start cryptocurrency mining.
Enforcing a policy of not allowing Java to run, while creating a whitelist of approved websites that employees can access will significantly reduce the chances of your organisation becoming victim to cryptojacking.
2. Look out for the tell-tale signs
Cryptojacking runs a program that steals processing power. This could be running on the company server, or employee laptops and smartphones. If you notice a device running slower than usual or consistently overheating then you should investigate what’s running in the background. If you find something unusual such as a rogue .exe file then it could be a mining component which you can then simply uninstall.

A server that’s been compromised might experience delays in accessing network locations or suffer frequent crashing. However, many cryptojacking attacks are covert enough to target unused CPU, so the effects can go unnoticed, so you should investigating the server to see if it’s communicating with any unknown IP addresses.
3. Look for anomalous programs
Using an anomaly detector, you can find unexpected items or events which do not conform to your network’s usual activity, such as the installation and running of an unknown program. There are plenty of anomaly detectors out there, many of which are now automated or utilise machine learning for greater accuracy. If you think your system is being used for cryptocurrency mining, running an anomaly detector is a good way to investigate.   
4. Ensure your antivirus software is up to date
To reduce the likelihood of your organisation being exposed to cryptojacking (and other cyber threats) you should ensure all machines are installed with the latest updates from your antivirus provider. As there is no silver bullet when it comes to security technology, having a suite of security solutions will vastly enhance your security posture.
5. Stay on top of computer hygiene
Patching is probably the best antidote to cryptojacking attacks. In January 2018, cyber criminals exploited unpatched Oracle WebLogic Servers to mine the cryptocurrency Monero, despite a patch being available from October 2017.
Patching often takes a back seat, despite the fact it is one of the top cause of cyber-attacks. With this in mind, creating a risk model with a regular patching cycle for applications, browsers and operating systems will significantly reduce the threat and incidence of infection by cryptojacking software.
6. Employee engagement
As with every cyber threat, ongoing training and cyber awareness programmes that educate employees on the latest attacks, such as cryptojacking, and the signs they should look out for are crucial. These will help engender a culture of constant vigilance and reporting suspected cryptojacking incidents in the same way that they would report a spam email. 



Source link

    How Can We
    Help You?

    Performance and Simplicity exists side by side.

    Contact Pro Web Design and tell us about your next project and we will make sure it is successful. Let us do what we do best.

    website_design-creating_personal_concepts-undefined website_design-creating_personal_concepts-undefined
    1920 1080 Pro Web Design

    Elon Musk says Tesla will be profitable in Q3 and Q4 – TechCrunch

    Tesla is one of the more interesting companies for Wall Street that had an interesting couple of months…

    read more
    website_design-creating_personal_concepts-undefined website_design-creating_personal_concepts-undefined
    1920 1080 Pro Web Design

    Leap Motion’s “Virtual Wearables” May Be The Future Of Computing

    I won’t mince words: Despite many advances, today’s VR and AR still suck. The former is cumbersome, requiring…

    read more
    website_design-creating_personal_concepts-undefined website_design-creating_personal_concepts-undefined
    1920 1080 Pro Web Design

    Six tips for securing your organisation against cryptojacking

    Cryptojacking involves secretly stealing the processing power from a computing device to mine cryptocurrencies. Whilst originally confined to…

    read more

    Creatives – Design, Marketing, Support

    Working Hours: 08:00 – 17:00

    Email: contact[at]prowebdesign.co.za

    Phone: +27 76 260 2730

    We Love Your Feedback