Bitcoin & Cryptojacking – Part 4
Our last post in this series examined some of the specific threats that the blockchain and cryptojacking can bring to your cloud-based infrastructure. In this post, we look at some of the various ways in which you can protect your infrastructure from cryptojacking.
The Top Tips
So, what can an organization do protect its Cloud infrastructures from being used by a cryptojacker? Here are some recommended strategies:
- Take ownership of it security responsibilities. Although it is up to the Cloud provider to provide all of the Security features they can, it is still the organization’s primary responsibility to work with the Cloud provider to make sure that everything is properly configured. If an organization is offered default security settings, it shouldn’t use them and should create its own that is specifically tailored to the organization’s security requirements. Organizations should also make use of advanced encryption techniques if they are offered by the Cloud provider.
- Many cloud-based crpytojacking attacks can be traced back to poor login credentials (once again, using very weak passwords). Organizations need to make use of a password manager to create long and complex passwords.
- Setting up virtual machines is essential for all businesses. An organization should not create extra ones that it won’t to use, because this will increase the attack surface for the cryptojacker.
- Organizations need to make sure that they educate anybody in the organization that is tasked to manage the Cloud infrastructure in its proper design and secure deployment.
Just like how a Cloud infrastructure is prone to a cryptojacking attack, mobile apps are also targets for cryptojacking attacks. In fact, a recent study, conducted by a cybersecurity firm known as Sophos, detected 25 rogue mobile applications which had an infected cryptojacking source code in them. These mobile apps were downloaded at least 120,000 times by different users. This can be illustrated in the diagram below:
In response to this, tech giants like Google and Apple who have mobile app stores are taking proactive actions to protect their customers. For example, Google no longer allows for browser extensions in its web store that mine cryptocurrencies. The Google Play store allows for customers to pick extensions and apps that personalize their Chrome web browser, but this will now become highly restricted.
This is our final post on the crpytojacking series. Our next blog will examine what the cyberthreat landscape will look like for 2019.