CryptoJacking for Fun & Profit

Cyber threat investigators say do not let the ongoing "crypto winter" lull you into a false sense of cybersecurity.  The phrase “crypto winter” likely came from the hit HBO series, “Game of Thrones.”  In the series, the motto of the House of Stark was “Winter Is Coming.”  It was considered a warning that lasting conflict could descend on the land of Westeros at any time.  Similarly, an extended period of trouble may be settling over the crypto market.  During this difficult time, you must remain vigilant and be prepared for chaos to sweep over the market without much warning. Defining the phrase even more literally, “Crypto winter is when prices contract and remain low for an extended period.”  Analysts believe the signs of the emerging crypto winter were noticed earlier in 2022.[1]

Even as cryptocurrencies lose value and some crypto companies file for bankruptcy, cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to Industry 4.0 and beyond.  Cryptojacking is also referred to as malicious cryptomining.  It is a threat that embeds itself in a computer or mobile device and uses its resources to mine cryptocurrency.  Cryptojacking gives the attacker money for free, at the expense of your device and your network's health.

While everyone with an internet connection is technically vulnerable to cryptojacking, most attacks target enterprises with significant computing resources, especially those with an outsized number of third-party relationships.  If a malicious actor can breach your cybersecurity defenses for cryptojacking purposes, they can breach them for any number of contemptible reasons.  Under normal conditions, mining for cryptocurrency is hugely expensive because doing so requires immense electricity and sophisticated hardware.  Cryptojacking cuts out the overhead for malicious actors, so whatever they can mine becomes pure profit.

The losses associated with "crypto winter" have been catastrophic to legitimate cryptocurrency owners.  But for cryptojackers, "crypto winter" just means a little less free money than before.  The margins remain enormously high, and the incentives have not changed.  Nefarious actors still need access to capital that is essentially untraceable, so even amidst the crash, cryptocurrencies remain an important asset to them.  In other words, do not expect cryptojacking attacks to abate soon.

All cryptocurrency holders are vulnerable to cryptojacking.  Companies that are particularly dependent on third parties for their core business are prime targets.  Whenever a bad actor is trying to breach your cybersecurity defenses, whether a member of a ransomware gang or a cryptojacker, they will always look for your weakest partner.  Often the weakest link is your trust in a third party or multiple third parties.

Those third parties may also have third parties they trust but with whom you have no direct relationship.  Because so many enterprises are built on these interconnected networks of trust and sometimes labyrinthine third-party relationship dynamics, weak points tend to cascade outward, making it easier for a cryptojacker to breach your cybersecurity defenses.

A real-world example of the potential threat third-party relationships pose to enterprise security:  According to cyber threat experts, 70% of financial companies that experienced data breaches reported that their particular breach was caused by granting too much privileged access to third-party users.  In those instances, more than half did not investigate third parties' security and privacy practices before doing business with them.  In addition, 46 percent do not keep an active and comprehensive inventory of every third party they have given access to privileged information.  It is hard to know your enemy when you do not even know who your business partners are.

You can take steps to avoid being cryptojacked, such as conducting a risk assessment to determine your enterprise's vulnerabilities, especially its weakest link.  The odds are that it will be a third-party relationship.  From this point, you can deploy endpoint protections to detect if a cryptominer is running on an individual or server endpoint, which will help remediate the problem.

Enterprises can also approach third-party relationships with a functional zero-trust policy, including strong identity verification, extreme passwords, secrets management, and privileged access limited to authorized users.  In addition to zero trust, enterprises can implement systems that grant users access only when they need it.  This eliminates rule creep and permissions creep and ensures that everyone only has access to what they need and nothing more.
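One way to check third-party access against the points above (an inventory of every third party, a security review before granting access, and access that exists only while it is needed) is a periodic audit of privileged grants. The following is an added example, not code from Red Sky Alliance or the cited article; the record layout, the 8-hour grant ceiling, and all vendor and account names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_GRANT = timedelta(hours=8)  # assumed policy ceiling for a just-in-time grant

@dataclass
class Grant:
    principal: str               # third-party account holding the access
    vendor: str                  # third party the account belongs to
    resource: str                # privileged system being accessed
    issued: datetime
    expires: Optional[datetime]  # None means standing (never-expiring) access

def audit(grants, inventory, now):
    """Return {principal: [findings]} for third-party privileged grants."""
    findings = {}
    for g in grants:
        issues = []
        vendor = inventory.get(g.vendor)
        if vendor is None:
            issues.append("vendor missing from third-party inventory")
        elif not vendor["security_reviewed"]:
            issues.append("vendor security practices never reviewed")
        if g.expires is None:
            issues.append("standing access (no expiry)")
        elif g.expires <= now:
            issues.append("expired grant still present")
        elif g.expires - g.issued > MAX_GRANT:
            issues.append("grant window exceeds just-in-time limit")
        if issues:
            findings[g.principal] = issues
    return findings

# Constructed sample data (hypothetical vendors and accounts).
NOW = datetime(2022, 11, 1, 12, 0, tzinfo=timezone.utc)
INVENTORY = {"acme-payroll": {"security_reviewed": True},
             "fastcdn": {"security_reviewed": False}}
GRANTS = [
    Grant("svc-acme", "acme-payroll", "hr-db", NOW - timedelta(hours=1), NOW + timedelta(hours=3)),
    Grant("svc-cdn", "fastcdn", "web-prod", NOW - timedelta(days=30), None),
    Grant("contractor-7", "unknown-msp", "build-server", NOW - timedelta(days=2), NOW + timedelta(days=28)),
    Grant("svc-acme-old", "acme-payroll", "hr-db", NOW - timedelta(days=3), NOW - timedelta(days=2)),
]

if __name__ == "__main__":
    for principal, issues in audit(GRANTS, INVENTORY, NOW).items():
        print(f"{principal}: {'; '.join(issues)}")
```

Only `svc-acme` passes: its vendor is inventoried and reviewed, and its grant is short-lived and still current.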

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com      

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989  

 

[1] https://thehackernews.com/2022/10/why-crypto-winter-is-no-excuse-to-let.html/
