October 23, 2018 - Oliver Sartori - ComputedWorld
The name given to the new technique that secretly uses your device or computer to mine cryptocurrencies when visiting an infected website is Cryptosequest, or Cryptojacking. Malicious miners are not new, however, a new alternative has drawn attention: running javascript mining scripts, running inside a site, which consume processing (and of course, electricity) of visiting machines. All this without the user being notified of what is happening.
The first, or one of the first, case of javascript mining in the web browser came from the PirateBay site, asking its users, "Do you prefer to advertise on the site or prefer to cycle the CPU every time you come to the site?" In theory it is a good practice, but it was quickly modified and illegally inserted into various sites, large and small, of all kinds.
In general there are two types of cryptoscracking attacks: server-based and browser-based. In the browser-based model, the attacker inserts javascript code into the web page, which then mines cryptocurrencies when users access the page. The server-based method runs mining code directly on the infrastructure server.
& #8211; Patch against known vulnerabilities
Pache management is an essential area of IT and Security that is often overlooked and becomes a vector for a variety of attacks, including cryptosecurity. For hackers, scanning for known vulnerabilities is a trivial activity, so don't be caught up in it and maintain a consistent patch management and enforcement program.
& #8211; Scan your network
Even with efficient patch management and stringent server access controls, cryptocurrency mining codes can eventually enter. A user may simply agree to install an application that has hidden mining malware as a secondary download and is not recognized by AV technologies, for example.
Relying on scans and having visibility into what is running on servers across the network is a critical ability to aid in detecting potential cryptosecurity attacks. Cryptocurrency mining is resource intensive, so any CPU that is consuming resources beyond expectations should be analyzed.
& #8211; Limit Partner and Third Party Risk
Another route of attack that can be taken is to embed code on a website through third party extensions or advertisements. To prevent any unauthorized script from running on a website, companies can use a protocol known as Content Security Policy. The original idea behind CSP was to limit the risk of Cross Site Scripting, but it also has application against any potential form of code injection. The CSP is defined on the webserver host and can be further enforced using Sub-ResourceIntegrity, which identifies when a script has been modified.
All attention and care always! The more attentive you and your employees are, the more likely you are to prevent cyber sequestration.
About [SAFEWAY]
THE [SAFEWAY] is a widely recognized company as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on platforms:
- Archer da RSA Security, considered by the institutes Gartnerand Forrester and by the market itself, the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;
- [SAFEWAY]Security Tower, supported by IBM Qradar (Watson technology), tailored to each organization in its security and cyber defense management needs.
- And others, involving technologies Imperva, Thales, BeyondTrust, Manly, WatchGuard Technologies