Maksim Kabakou - Fotolia

Security Think Tank: Use awareness, education and controls to halt cryptojacking

How can organisations best defend against cryptojacking?

Mining cryptocurrency can be big business; organisations and individuals alike mine cryptocurrency to generate income.

However, mining cryptocurrency takes a significant amount of computing power – more than individual computers can provide. If an individual or organisation decides to pursue this way of making money, significant investment is required into the computing power needed, as well as the cost of the electricity to run the computers.

Some organisations have chosen to use cryptomining as a replacement for ad revenue. Entirely above board, users can make a choice to accept whether or not the website using their computer mines cryptocurrency for the period they are on the website.

There is, however, a new threat on the block – unscrupulous miners of cryptocurrency undertaking cryptojacking. Often using botnets, this threat takes over other computers, without the users’ knowledge or consent, to harness the computing power in the quest for cryptocurrency, using methods including a phishing link in an email, content in a browser, or online advertisements.

According to the Internet security threat report (ISTR) from Symantec, cryptojacking attacks went up by 8,500% in 2017, with the vast majority of the rise taking place in the final quarter of the year, when the value of many publicly traded cryptocurrencies soared.

Users might notice their computer running more slowly than usual, but other than that may be unaware that their machine has been cryptojacked and is being used to mine cryptocurrency. Yet, it still costs organisations and individuals in productivity and computing power.

Having emerged as a threat only recently, defending against cryptojacking firstly requires that those charged with protecting an organisation’s information and systems know about it and the effects on processing power. When users contact a helpdesk with a problem that includes a slow-running computer, cryptojacking can then be included in the analysis of the machine.

Installing preventative measures such as ad blockers and anti-cryptomining extensions can contribute to protecting the organisation. Ad blockers have a well-known downside, in that some websites can prove more difficult to navigate and specific websites may need pop-ups enabling (a time-consuming exercise for the service desk or user).

Read more about cryptojacking

Anti-cryptomining extensions can also be used to pick up both authorised and unauthorised cryptomining on a machine.

As with most threats, organisations need to protect in layers – awareness and education (covering people and process) supplemented by technological controls.

Read more on IT risk management