By Simon Bryden, consulting system engineer at Fortinet
Crypto jacking is a new step in the evolution of malware monetisation methods. One of the first successful malware formulas was banking malware, where banking credentials were communicated back to cyber criminals. However, the conversion of credentials into cash is not an easy one. Ransomware was another step which made the process simpler - victims would wire money directly. However, ransomware is losing its effectiveness as computer users start to be aware of the danger, and improve their security and backup procedures.
Crypto jacking has one main advantage over these two: If well designed, the mining process can run in the background without consuming all available resources. In the best case, the user will be unaware that there is any extra processing going on. This makes it almost a "victimless crime" in the sense that the user may not be aware that there is a problem, as opposed to having a computer completely disabled, losing precious documents, or having money stolen from bank accounts.
The downside for the cybercriminal is that it needs a lot of victims to gain enough resources to make any real profits. Ultimately, that will be the factor which decides whether we see it continue as an attack vector, or whether its popularity diminishes as new techniques are found, and the evolution continues.
So how should these newer forms of attack that directly cost the affected company influence a company's IT security practices?
Deciding on the right approach to cyber security is essentially a risk management process. Companies need to conduct detailed reviews covering the assets that may be at risk, the protection mechanisms in place, and the potential damage to the company should those assets be stolen or destroyed. Assets may be information-based (files, credentials, databases) or, as more devices such as video cameras and physical security access systems become connected to the corporate network, they may also be physical property.
The damage to the company in the event of an attack may also be difficult to assess. Monetary losses from paying the ransomware may be easy to determine, but what about loss of documents, related recovery costs, and most difficult, the cost due to reputational damage, and legal liabilities caused by loss of customer data.
Crypto jacking losses are less tangible. Servers which are mining in the background will have limited resources for dealing with real work, and productivity will be affected. Customer experience can also be degraded on public-facing servers. These losses, whilst difficult to value, can be significant, and it becomes more important than ever to put in place a complete security solution covering all parts of the customer network, from the access to the cloud, not only covering protection against attack, but also continually monitoring the security "health" to identify potential weak points, and most importantly monitoring the complete IT infrastructure, in order to identify any breaches, and deal them before the real damage is done.