Did you know that attackers may be using your website to mine digital currency for themselves, even though your company doesn’t handle Bitcoin, Monero, Ethereum or any other cryptocurrency? Hackers recently infected Tesla’s AWS cloud environment with cryptocurrency-mining malware.
Even the internal server used for developing prototypes and new products at SEWORKS was targeted. In our case (and since we are security experts), we noticed our server was running slowly. After thoroughly analyzing the server, we uncovered XMR (Monero) mining code and shut down the attack before any damage occurred.
Why are these attacks happening? The cryptocurrency market is red hot, with some predicting it could hit $1 trillion this year. However, mining cryptocurrency requires enormous computing power. Put simply, hackers find it cheaper to mine by breaking into someone else’s CPU or GPU capacity, on site and in the cloud, than to pay for it themselves.
Remember, it isn’t only the company’s website that is compromised: the computers, phones and other devices of everyone who visits it are put to work as well. And once Google Safe Browsing flags the site as malicious, browsers warn visitors away from it, cutting off customers, potential customers and partners, causing financial damage and shredding the company’s reputation.
With every indication that the crypto-jacking trend will continue to escalate, here are some important issues companies and their IT departments should consider.
Which websites are in hackers’ crosshairs?
Typically, hackers look for targets that can add computing power to their mining. In Tesla’s case that meant another company’s cloud compute resources. Another favorite is a high-traffic website: a mining script injected into its pages runs in every visitor’s browser, so the attacker taps the CPUs of visitors’ computers, phones and other devices as well.
As for mining cryptocurrency on mobile devices, we’ve seen increasingly sophisticated techniques using malicious botnets and phishing with mobile apps. Although there may be increased battery drain and a slightly less responsive user experience, a user may not grasp that it is because of crypto-jacking.
Symptoms that web and mobile apps are being used for crypto-mining are not easy to spot. Remember, crypto-jacking doesn’t always arrive as malware; it can run as ordinary program code, such as a mining script served alongside a page’s legitimate JavaScript. Many zombie PCs (botnets) formerly used for DDoS attacks are now being put to work mining. And miners often prefer servers, since noticeable signs are less likely there than on a user’s desktop.
What are the signs?
The dilemma is that crypto-jacking may not raise warning flags. Since hackers are consuming computing power, server overload can be an indicator. Employees’ computers may run slower, but unless they are fully throttled this may not cause concern.
A computer’s fan running hot, a browser that slows down on certain pages, or a battery that drains faster than it used to can all mean mining is happening. As we’ve mentioned, these signals may be so subtle that they are easily overlooked.
To avoid detection, attackers may also run the mining only during slow times, such as after hours or on the weekend, when nobody is watching the load. A company could record how much computing power is being used and watch for spikes or for a steady, unexplained rise, but these indicators are not always tracked.
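As an added example (not SEWORKS tooling), the Python below implements that check over a constructed two-day series of hourly CPU samples. It takes the median off-hours utilization as the baseline, so a miner that has not yet been running for most of the window cannot drag the baseline up, and then flags every run of off-hours samples well above that baseline, separating a single spike (a nightly backup job) from the sustained rise that after-hours mining produces. The business-hours window, the 30-point margin and the sample values are all assumptions.

```python
"""Flag unexplained CPU rises in a server's utilization history.

Added illustrative example, not SEWORKS' own tooling. Assumes hourly
(timestamp, cpu_percent) samples such as a monitoring agent exports;
the business-hours window and the 30-point margin are assumptions.
"""
from datetime import datetime, timedelta
from statistics import median

HOUR = timedelta(hours=1)


def build_samples():
    """Constructed sample data: one server, 2018-03-05 and 2018-03-06.

    Daytime load is expected. The night of the 5th has a one-off backup
    job; from 20:00 on the 6th the CPU stays pinned, which is what
    after-hours mining looks like.
    """
    samples = []
    start = datetime(2018, 3, 5)
    for h in range(48):
        ts = start + h * HOUR
        cpu = 55.0 if 9 <= ts.hour < 19 else 6.0
        if ts.day == 5 and ts.hour == 3:
            cpu = 72.0  # scheduled backup: a single spike
        if ts.day == 6 and ts.hour >= 20:
            cpu = 91.0  # sustained after-hours load: the suspicious part
        samples.append((ts, cpu))
    return samples


def is_off_hours(ts):
    """Weekend, or a weekday outside 09:00-19:00 (assumed business hours)."""
    return ts.weekday() >= 5 or ts.hour < 9 or ts.hour >= 19


def find_runs(samples, threshold, interval=HOUR):
    """Group consecutive samples at or above threshold into runs.

    A run breaks when a sample drops below threshold or when the gap to
    the previous sample is not one sampling interval (e.g. the jump from
    08:00 to 19:00 in an off-hours-only series).
    """
    runs, current = [], []
    for ts, cpu in samples:
        contiguous = bool(current) and ts - current[-1][0] == interval
        if cpu >= threshold and contiguous:
            current.append((ts, cpu))
        else:
            if current:
                runs.append(current)
            current = [(ts, cpu)] if cpu >= threshold else []
    if current:
        runs.append(current)
    return runs


def detect(samples, margin=30.0, min_run=3):
    """Return (threshold, findings) for the off-hours part of the series.

    The baseline is the median off-hours utilization, which stays honest
    as long as the miner has not been running for most of the window.
    Runs shorter than min_run are reported as spikes, longer ones as
    sustained rises worth investigating.
    """
    off_hours = [s for s in samples if is_off_hours(s[0])]
    baseline = median(cpu for _, cpu in off_hours)
    threshold = baseline + margin
    findings = []
    for run in find_runs(off_hours, threshold):
        findings.append({
            "kind": "sustained" if len(run) >= min_run else "spike",
            "start": run[0][0].isoformat(),
            "end": run[-1][0].isoformat(),
            "samples": len(run),
            "mean_cpu": round(sum(c for _, c in run) / len(run), 1),
        })
    return threshold, findings


if __name__ == "__main__":
    threshold, findings = detect(build_samples())
    print(f"off-hours threshold: {threshold:.1f}% CPU")
    for f in findings:
        print(f"{f['kind']:9} {f['start']} .. {f['end']} "
              f"({f['samples']} samples, mean {f['mean_cpu']}%)")
```

Run as-is, it reports the 03:00 backup on the 5th as a one-sample spike and the 20:00 to 23:00 block on the 6th as a sustained rise at 91% against a 36% threshold. On real data, feed it the same series the capacity dashboard already collects; the median baseline is the important design choice, because a mean would be pulled up by the very activity you are trying to catch.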
Protecting your website from crypto-jacking
Although you may believe there are sufficient security measures on your network, your website can still be vulnerable to crypto-jacking. To determine whether your website is susceptible or is actually under attack, endpoint security and monitoring network traffic are useful tactics: a miner has to talk to a mining pool, and that traffic has a recognizable shape.
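As an added example, not SEWORKS code, the Python below shows what that network-side check looks like. It classifies constructed outbound-connection records by looking for the Stratum mining protocol (the `mining.*` JSON-RPC methods), XMRig-style `login` messages that carry a Monero-shaped wallet address or a miner agent string, and ports that mining pools commonly listen on. The record layout, the port list and the agent patterns are assumptions; pool traffic can also be TLS-wrapped or sent through a proxy, in which case only the CPU-side signals remain.

```python
"""Spot mining-pool (Stratum) traffic in captured connection records.

Added illustrative example, not SEWORKS code. Assumes each record holds
the destination of an outbound TCP connection plus the first payload the
host sent, as a sensor or proxy log might export. The method names are
those Stratum and XMRig-style JSON-RPC use; the port list is a heuristic
of commonly seen pool ports, not an exhaustive one.
"""
import json
import re

# Strong signals: protocol methods only a miner speaks, miner user agents,
# and a Monero-style wallet address used as the login.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "mining.notify", "mining.set_difficulty"}
MINER_AGENT = re.compile(r"xmrig|cpuminer|cgminer|minerd|ccminer", re.I)
XMR_ADDRESS = re.compile(r"^[48][1-9A-HJ-NP-Za-km-z]{94}$")

# Weak signals: generic JSON-RPC methods that XMRig-style pools use but
# ordinary applications use too, and ports pools commonly listen on.
GENERIC_METHODS = {"login", "submit", "job", "keepalived"}
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444}

WALLET = "4" + "A" * 94  # constructed: shaped like a Monero address, not real

RECORDS = [  # constructed records, not a real capture
    {"dst": "192.0.2.1", "dport": 443,
     "payload": "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"dst": "203.0.113.10", "dport": 3333,
     "payload": json.dumps({"id": 1, "method": "mining.subscribe",
                            "params": ["cpuminer/2.5.0"]})},
    {"dst": "198.51.100.7", "dport": 14444,
     "payload": json.dumps({"id": 1, "jsonrpc": "2.0", "method": "login",
                            "params": {"login": WALLET, "pass": "x",
                                       "agent": "XMRig/2.5.0"}})},
    {"dst": "192.0.2.9", "dport": 4444,
     "payload": json.dumps({"jsonrpc": "2.0", "method": "get_status",
                            "params": []})},
    {"dst": "10.0.0.12", "dport": 8080,
     "payload": json.dumps({"method": "login",
                            "params": {"user": "alice", "pass": "secret"}})},
]


def _strings(value):
    """Yield every string nested in a JSON value (params dict or list)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)


def classify(record):
    """Return (verdict, reasons) with verdict 'mining', 'suspect' or 'clean'."""
    strong, weak = [], []
    try:
        msg = json.loads(record["payload"])
    except ValueError:
        msg = None  # not JSON-RPC at all, e.g. plain HTTP
    if isinstance(msg, dict):
        method = msg.get("method")
        if method in STRATUM_METHODS:
            strong.append(f"stratum method {method}")
        elif method in GENERIC_METHODS:
            weak.append(f"json-rpc method {method} (also used by miners)")
        for s in _strings(msg.get("params")):
            if XMR_ADDRESS.match(s.split(".")[0]):  # pools accept wallet.worker
                strong.append("monero wallet address in login")
            if MINER_AGENT.search(s):
                strong.append(f"miner agent string {s!r}")
    if record["dport"] in POOL_PORTS:
        weak.append(f"port {record['dport']} commonly used by pools")
    verdict = "mining" if strong else "suspect" if weak else "clean"
    return verdict, strong + weak


def scan(records):
    """Classify every record; returns (dst, dport, verdict, reasons) tuples."""
    return [(r["dst"], r["dport"], *classify(r)) for r in records]


if __name__ == "__main__":
    for dst, dport, verdict, reasons in scan(RECORDS):
        print(f"{verdict:8} {dst}:{dport}  {'; '.join(reasons) or '-'}")
```

The two miner connections come out as `mining` on protocol evidence alone; the port-only hit and the ordinary application `login` come out as `suspect`, which is the right level for signals an ordinary service can also produce. Treat `suspect` as something to correlate with the CPU-side indicators rather than as an alert by itself.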
However, a highly recommended approach is to conduct a simulated attack via a penetration test (pen test) to uncover the vulnerabilities an attacker could exploit. Here are several penetration testing methodologies to consider:
It’s critical that your business deploys security protection. In our case, we were able to find the mining code and patch it, but it’s alarming that it passed AWS security standards.
To guard against crypto-mining, enterprise security and IT teams must closely monitor endpoint and server activity. Regular pen testing, updating system daemons with each OS release, running a patch management system, and keeping cloud servers patched are all recommended. Remember, offensive security is the best defense against crypto-jacking!