How to Contain Cryptojackers Attacking Enterprise Networks
via Shutterstock
As the value of cryptocurrencies increased, cybercriminals quickly seized on it as a new opportunity for profit – and mischief. Ever adaptable, they adjusted their technique for generating payoffs, moving from utilizing ransomware to encrypt data to pirating enterprise computing power to hit crypto-jackpots.
Cybercriminals have their sights set on enterprise networks, which provide access to thousands of machines. According to a recent report from McAfee, coinminer malware increased an extraordinary 629 percent to more than 2.9 million known samples in Q1 of this year, an increase from less than 400,000 samples in Q4 of 2017.
The Impact of Cryptojacking
An immense amount of computing power is required to mine considerable sums of cryptocurrency. Cryptomining is perfectly legal – with the permission of the processor’s owner. However, when enterprising miners pursue unscrupulous tactics to gain access to others’ computing resources without permission, it is known as cryptojacking.
Hackers gain access to networks by generating JavaScript code that launches a coinminer and inserts it into a website or online ad. When a user browses the site or interacts with the malicious ad, the script immediately executes and secretly reroutes organizational resources to the cryptojacker's mining effort. In some cases, hackers leverage cryptomining scripts to serve as a gateway for future malware or ransomware attacks on the infected company.
Computing resources compromised by cryptomining scripts result in slower-performing computers, hindering productivity. Consequences for the enterprise can be drastic, but incredibly difficult to pinpoint. A company may experience unexplained increases in its electric bill for the month, hardware that overheats, or overall slower performance. However, none of these issues are specific to cryptojacking, and they are easy to overlook or attribute to other causes.
Isolate Your Network
Defense-in-depth cybersecurity strategies consisting of anti-malware solutions, sandboxing technology, URL filtering and firewalls cannot effectively detect cryptominers and are powerless to fight the cryptojacking epidemic. An additional layer of security is required to buttress defense-based security solutions and represent the “puzzle piece” required to make endpoints impervious to cryptojacking attacks.
Remote Browser Isolation (RBI) technology is that piece. Unique among security solutions, it doesn’t rely on detecting or blocking malware – it is not reactive. Instead, it ensures that all internet content is isolated away from organizational networks and endpoints.
With RBI, websites are rendered by a virtual browser located inside a disposable container in the cloud, or DMZ. Users interact naturally with sites via a safe data stream that’s sent from the virtual browser to their browser of choice, on their device. When the user stops browsing, the container is destroyed, along with the virtual browser and all site content, benign and malicious.
Malicious cryptomining scripts are activated within the remote browser container, where the damage it can cause is minimal. Computing resources allocated for each container are highly restricted and once a browsing session is complete, the container and all content is destroyed. As a result, both the computing resources available to be cryptojacked and the duration during which mining can take place are inconsequential and have no impact on overall processing power and costs. Since cryptominer code never reaches the endpoint, it cannot penetrate from there onto organizational networks.
By implementing remote browser isolation technology into existing cybersecurity frameworks, enterprises can proactively shield their users and ensure that their computing resources remain untouched by cryptojackers and secure.
Joshua Behar is the President and CEO of Ericom Software.
