Anytime a new threat has as profound and far-reaching an impact as crypto-mining has this year, it’s tempting to shift from a holistic enterprise security strategy to a single-minded approach, which only focuses on that one particular threat.
Cryptojacking, the act of illicitly mining for cryptocurrency, is grabbing a lot of headlines and creating quite a buzz lately. In fact, Forbes called it the top cyberthreat of 2018. The latest surge in cryptojacking indicates a shift in the way attackers exploit vulnerabilities, but there’s no substantial evidence to support the idea that crypto-mining represents a growing percentage of the overall threats to enterprises.
Crypto-Mining: Surging Threat or Flavor of the Week?
While researching, I tried to find credible statistics to support the claim that crypto-mining is the most dangerous form of malware — but the numbers are all over the place. One report from security provider Check Point stated 55 percent of businesses worldwide had been affected by crypto-mining attacks in December 2017, while a more recent report from the same firm found 42 percent of organizations experience such an attack in February 2018.
If we’re talking about a surge, those numbers are shifting in the wrong direction.
Last year we heard similar conversations about ransomware, which has yet to loosen its grip on organizations around the world. According to research from Enterprise Strategy Group (ESG), 63 percent of companies experienced an attempted ransomware attack in 2017, and a newly discovered variant, Annabelle, is seemingly designed to wreak as much havoc as possible.
Whether it represents a long-term concern or a fleeting trend, crypto-mining has gained lots of media attention this year. Without trivializing the potential risks it poses to enterprises, the reality is crypto-mining is just another web-based malware that can be exploited by an attacker. These types of threats continually emerge and will continue to proliferate as more organizations embark on their journey toward digital transformation.
Voluntary Crypto-Mining Versus Nefarious Attacks
Worse than adware and potentially unwanted applications (PUAs) — but not quite malware — crypto-mining sits in a category of its own for now. Attackers leverage software that uses the processing power of victims’ systems to mine for cryptocurrency. While this sounds malicious, some well-known and oft-visited website operators, including Showtime and Salon, voluntarily run cryptocurrency mining software on their sites as a way to supplement revenues generated by ads.
Still, nefarious actors leverage known vulnerabilities to deliver the mining malware through spam attachments and exploit kits. Before getting swept away in the fear and uncertainty of this trending attack, however, it’s important to take a step back and look at the bigger picture of enterprise security.
Threats From Digital Partners
To defend against web-based malware, it’s essential to understand precisely what is happening and the risks to your organization, particularly when it comes to enterprise websites. One factor contributing to the rise of this threat is the fact that most companies don’t know they’ve been compromised.
“The continuing use of crypto-mining script underscores the importance of knowing your digital partners and the code they execute in your digital environment,” said Chris Olson, CEO of security consultancy The Media Trust, as quoted in Security Boulevard.
Today’s digital enterprises run on code, yet there is a world of unknown code that creates serious risks for enterprises. As Olson recently noted in a CSO Online article, 50–90 percent of executing code is delivered by third parties — who then call upon fourth and fifth parties. To effectively mitigate the risks from digital partners, website operators need transparency and visibility into their vendors’ operations and security activities.
Building a More Comprehensive Enterprise Security Framework
Taking a more active and decisive approach to risk management is a critical step toward establishing a more comprehensive security framework. The cybercrime landscape is continuously evolving, which means organizations shouldn’t invest all their resources into mitigating the latest threat.
Today’s top headline-grabber is cryptocurrency mining malware, but that doesn’t mean companies can ease up on persistent threats, such as ransomware, distributed denial-of-service (DDoS), man-in-the-middle (MitM) attacks and malicious insiders.
To ensure that you have an intelligent, integrated immune system, it’s essential to implement the appropriate prevention, detection and response controls and procedures.
The following security best practices can help you build a better defense in depth strategy to defend against threats:
- Implement two-factor authentication.
- Install web application firewalls or web content filtering.
- Create rules and access controls for user account privileges.
- Disable access to unused ports and services.
- Invest in endpoint security technology.
- Verify that you are running updated antivirus software.
- Create a patch management program.
- Develop and practice incident response to confirm that backup policies are in place and that they work.
A comprehensive security framework will allow you to withstand the changing tides of threats. With a holistic security immune system, you can take singular steps to respond to specific threats that augment your existing defense activities and bolster your overall security posture.
Discover IBM’s integrated and intelligent security immune system