What is cryptojacking? How to prevent, detect, and recover from it

Criminals are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.

1 2 Page 2
Page 2 of 2

Deploy a network monitoring solution. Vaystikh believes cryptojacking is easier to detect in a corporate network than it is at home because most consumer end-point solutions do not detect it. Cryptojacking is easy to detect via network monitoring solutions, and most corporate organizations have network monitoring tools.

However, few organizations with network motoring tools and data have the tools and capabilities to analyze that information for accurate detection. SecBI, for example, develops an artificial intelligence solution to analyze network data and detect cryptojacking and other specific threats.

Laliberte agrees that network monitoring is your best bet to detect cryptomining activity. “Network perimeter monitoring that reviews all web traffic has a better chance of detecting cryptominers,” he says. Many monitoring solutions drill down that activity to individual users so you can identify which devices are affected.

"If you have good egress filtering on a server where you’re watching for outbound connection initiation, that can be good detection for [cryptomining malware]," says Farral. He warns, though, that cryptominer authors are capable of writing their malware to avoid that detection method.

Monitor your own websites for crypto-mining code. Farral warns that crypto jackers are finding ways to place bits of Javascript code on web servers. "The server itself isn't the target, but anyone visiting the website itself [risks infection]," he says. He recommends regularly monitoring for file changes on the web server or changes to the pages themselves.

Stay abreast of crypto jacking trends. Delivery methods and the crypto-mining code itself are constantly evolving. Understanding the software and behaviors can help you detect crypto jacking, says Farral. "A savvy organization is going to stay abreast of what’s happening. If you understand the delivery mechanisms for these types of things, you know this particular exploit kit is delivering crypto stuff. Protections against the exploit kit will be protections against being infected by the cryptomining malware," he says. 

How to respond to a cryptojacking attack

Kill and block website-delivered scripts. For in-browser JavaScript attacks, the solution is simple once cryptomining is detected: Kill the browser tab running the script. IT should note the website URL that’s the source of the script and update the company’s web filters to block it. Consider deploying anti-crypto mining tools to help prevent future attacks.

Update and purge browser extensions. “If an extension infected the browser, closing the tab won’t help,” says Laliberte. “Update all the extensions and remove those not needed or that are infected.”

Learn and adapt. Use the experience to better understand how the attacker was able to compromise your systems. Update your user, helpdesk and IT training so they are better able to identify cryptojacking attempts and respond accordingly.

This story, "What is cryptojacking? How to prevent, detect, and recover from it" was originally published by CSO.

1 2 Page 2
Page 2 of 2
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon