By Anthony Chadd, Neustar
With the global cryptocurrency market experiencing steady growth, cryptojacking attacks have exploded in popularity. These attacks look to embed cryptomining malware in the targeted network to hijack servers and steal processing power, diminishing the capabilities of IT resources.
Cryptojacking attacks can be carried out in numerous ways, but watch these two vectors closely:
- Utilizing a DDoS attack as cover: One of the most common techniques, it’s the digital equivalent of a pickpocket team where one robber jostles you while the second lifts your wallet. While the attack dominates the attention of your IT security team, bad actors use the turmoil to insert cryptomining malware. These malicious scripts might even include code to enlist infected server(s) as part of a botnet to participate in future DDoS attacks on other systems.
- DNS Hijacking: Where the attacker directs your DNS traffic to a malicious site – either via cache poisoning or taking over a legitimate site commonly visited by your users or systems – that appears legitimate but inserts malware into your network.
How can cryptojacking attacks be detected?
Cryptomining malware conceals itself, so you won’t know you’re infected unless you regularly:
- Monitor utilization of servers: If you’re hit, you’ll likely see a sudden and sustained increase in server utilization.
- Monitor electricity consumption: For most enterprises, IT power usage is consistent and tends to fall in patterns related to regularly recurring computing demands. An unusual spike in consumption could indicate a cryptomining script.
How can they be prevented?
There are several steps your organization can take to prevent cryptojacking:
- Deploy an ‘always on’ DDoS mitigation service that constantly monitors traffic to ensure threats of all sizes are detected, managed, and diffused. Immediate detection and response reduce the opportunity for cryptomining malware to make its way into your network.
- Use a WAF to protect your web apps from leading vulnerabilities.
- Work with a managed DNS partner to help implement DNSSEC. This can help to prevent attacks like cache poisoning and DNS hijacking by validating DNS addresses and providing end-to-end integrity checks to ensure confidence in each connection.