Crypto-jacking: Newer, stealthier, and needing tougher IT security

Simon Bryden.
Simon Bryden.

Crypto-jacking is a new step in the evolution of malware monetisation. One of the first successful malware formulas was banking malware, where banking credentials were communicated back to cyber criminals. However, the conversion of credentials into cash is not an easy one.

Ransomware was another step which made the process simpler – victims would wire money directly. However, ransomware is losing its effectiveness as computer users start to be aware of the danger, and improve their security and backup procedures.

Crypto-jacking – the unauthorised use of someone else’s computer to mine cryptocurrency – has one main advantage over these two. If well designed, the mining process can run in the background without consuming all available resources.

In the best case, the user will be unaware that there is any extra processing going on. This makes it almost a "victimless crime" in the sense that the user may not be aware that there is a problem, as opposed to having a computer completely disabled, losing precious documents, or having money stolen from bank accounts.

Continued evolution

The down side for the cyber-criminal is that he/she needs a lot of victims to gain enough resources to make any real profits. Ultimately, that will be the factor which decides whether we see it continue as an attack vector, or whether its popularity diminishes as new techniques are found, and the evolution continues.

So how should these newer forms of attack, which directly cost the affected company, influence a company's IT security practices?

Risk management

Deciding on the right approach to cyber security is essentially a risk management process. Companies need to conduct detailed reviews covering the assets that may be at risk, the protection mechanisms in place, and the potential damage to the company should those assets be stolen or destroyed.

Assets may be information-based (files, credentials, databases) or, as more devices such as video cameras and physical security access systems become connected to the corporate network, they may also be physical property.

The damage to the company in the event of an attack may also be difficult to assess. Monetary losses, from paying the ransomware, may be easy to determine; but what about loss of documents or related recovery costs? And most difficult, what about the cost due to reputational damage, and legal liabilities caused by loss of customer data?

Crypto-jacking damages

Crypto-jacking losses are less tangible. Servers which are mining in the background will have limited resources for dealing with real work, and productivity will be affected. Customer experience can also be degraded on public-facing servers.

These losses, whilst difficult to value, can be significant, and it becomes more important than ever to put in place a complete security solution covering all parts of the customer network. This may include access to the cloud - not only covering protection against attack, but also continually monitoring security "health" to identify potential weak points.

Most importantly, there must be monitoring of the complete IT infrastructure, in order to identify any breaches, and deal them before the real damage is done.

* Simon Bryden is a consulting system engineer at Fortinet. Views experssed are his own.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Brent Crude
All Share
Top 40
Financial 15
Industrial 25
Resource 10
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Yes, and I've gotten it.
21% - 1060 votes
No, I did not.
52% - 2667 votes
My landlord refused
28% - 1442 votes