A new offender is exploiting vulnerabilities
Bad actors work day in and day out to exploit system weaknesses and vulnerabilities. A new troublemaker is entering the scene, also attempting to profit from organizations’ cyber weaknesses: the cryptominer.
In a previous blog, 9 IT Trends Set to Rock the Boat in 2023, Automoxers highlighted industry trends to keep a watchful eye on, including new potential threats to keep on your radar. Cryptomining, and its imminent collapse, was highlighted as one of the biggies. Why?
"Crypto-collapse may create a perfect storm for cybersecurity woes. Previously, cryptocurrency miners were the fastest group to turn bugs in public-facing services into mass exploitation efforts. A significant amount of that newly surplus knowledge and capacity will be used for more costly and dangerous activities, such as ransomware and business email compromise (BEC)."
- Jason Kikta, CISO
To get a better picture, let’s start with the cryptominer’s main job up until recently – that is, mining cryptocurrency.
Cryptocurrency, from Bitcoin to Dogecoin, is digital currency that relies on cryptography, a secure communication system, to protect digital transactions without using intermediaries such as banks. These transactions are conducted using algorithms, called proof-of-work (PoW), that confirm which transactions take place on the network.
Enter cryptominers (miners for short). These individuals, or often a team of miners, “solve” crypto’s digital algorithms for transactions and add them to the blockchain, a digital ledger for cryptocurrencies such as Bitcoin. This is often called blockchain processing. Miners are then paid for solving these algorithms with a mining award in cryptocurrency. Miners often compete against their criminal colleagues and race to add the next transaction to the blockchain.
When one well dries up, miners will seek $ elsewhere
Recently, cryptominers have turned their attention outside of the currency market. What’s with the new focus and why?
The crypto-collapse has created the perfect storm with miners now diverting their attention to global cybersecurity. With the bottom falling out of the cryptocurrency market, these miners are now upping their cybercriminal tactics, adjusting business models, and going after organizations’ vulnerabilities. Miners have switched their attention, surplus knowledge, and resources towards more costly and dangerous cyber activities, such as ransomware and business email compromise.
How to prepare and protect an organization’s assets from cryptominers
What does this mean for organizations? More risk? More work? More vigilance? Unfortunately, it’s yes to all of the above.
This is the perfect opportunity to get back to IT and security basics to essentially close and lock the door on miners. Expanding visibility to account for every device, patching each endpoint to remove vulnerability exposures, and avoiding configuration drift are a few examples of quickly and simply removing vulnerabilities these miners will go after. This includes staying ahead of:
Assets – Identify critical assets, where they are located, who owns the data, and who has access. Locking down and controlling access to these crown jewels can help keep miners at bay.
Patches – According to industry-leading data, new critical vulnerabilities are often weaponized within seven days on average. Deploying critical patches within the recommended 72-hour window is a significant step in staying ahead of miners trying to exploit critical vulnerabilities.
Configs – Misconfigured settings can lead to a host of problems, with the most prominent concern being security. Accepting default settings may also open up a can of vulnerability worms. Keep configurations continuously maintained and customized so that security stays paramount.
Device States – Complete endpoint visibility and transparency remove the vulnerability of missed devices that may be unsecured and ripe for miners to exploit. Visibility can also help answer:
Are software updates needed?
Are users deferring patches?
When was the last time a password reset was initiated?
Being in “the know” regarding the state of each and every endpoint, and having the ability to take action as needed, can stop miners in their tracks.
Simply getting these basics underway, or confirming they are up-to-date, can be the first step to blocking miners.
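The patch window and device-state questions above can be checked mechanically against an endpoint inventory. The sketch below is an added example, not Automox code or part of the original post; the inventory fields, hostnames, patch names, and the 7-day check-in and 90-day password thresholds are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

PATCH_WINDOW = timedelta(hours=72)     # the 72-hour window cited in the article
STALE_CHECKIN = timedelta(days=7)      # assumption: silent this long = "missed device"
PASSWORD_MAX_AGE = timedelta(days=90)  # assumption: the article names no threshold

@dataclass
class PendingPatch:
    name: str
    severity: str            # "critical", "high", ...
    released: datetime       # when the fix became available
    deferred_by_user: bool = False

@dataclass
class Endpoint:
    hostname: str
    last_checkin: datetime
    last_password_reset: datetime
    pending: list = field(default_factory=list)

def audit(endpoints, now):
    """Return {hostname: [findings]} for every endpoint that needs action."""
    report = {}
    for ep in endpoints:
        findings = []
        if now - ep.last_checkin > STALE_CHECKIN:
            findings.append("stale: state unknown since last check-in")
        for p in ep.pending:
            overdue = now - p.released - PATCH_WINDOW
            if p.severity == "critical" and overdue > timedelta(0):
                hours = int(overdue.total_seconds() // 3600)
                findings.append(f"{p.name}: critical, {hours}h past 72h window")
            if p.deferred_by_user:
                findings.append(f"{p.name}: deferred by user")
        if now - ep.last_password_reset > PASSWORD_MAX_AGE:
            findings.append("password reset older than 90 days")
        if findings:
            report[ep.hostname] = findings
    return report

# Constructed sample inventory (hostnames and patch names are placeholders).
NOW = datetime(2023, 3, 10, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    Endpoint("web-01", NOW - timedelta(hours=1), NOW - timedelta(days=30),
             [PendingPatch("EXAMPLE-PATCH-A", "critical", NOW - timedelta(hours=100), True)]),
    Endpoint("hr-laptop-07", NOW - timedelta(days=21), NOW - timedelta(days=200)),
    Endpoint("db-02", NOW - timedelta(hours=2), NOW - timedelta(days=10),
             [PendingPatch("EXAMPLE-PATCH-B", "critical", NOW - timedelta(hours=20))]),
]
```

Calling `audit(INVENTORY, NOW)` flags `web-01` (overdue and deferred critical patch) and `hr-laptop-07` (stale check-in, old password reset), while `db-02` passes because its critical patch is still inside the 72-hour window.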
Will cryptominers be around for the long haul?
It depends. For cryptominers that have successfully made the switch to cybercrime, organizations need to remain constantly vigilant, as IT teams always should be. But as bad actors often do, they may jump to the next shiny digital trend that will make them money easily.
Cryptocurrency is still in its infancy, and the 2022 downturn may be looked upon as simple growing pains, followed by a future industry rebound in which miners quickly return to what they know. One can only hope.