SecurityHero Digital lock security icons pointing
Introduction

In Cryptojacking part 2, we examined some of the specific threats that the Blockchain and Cryptojacking can bring to your Cloud based Infrastructure.  In this blog, we look at some of the various ways in which you can protect it from Crpytojacking.

The Top Tips

So, what can a business or a corporation do to protect their Cloud Infrastructures from being used by a Cryptojacker? Here are some recommended strategies:

1)     Take ownership of your Security responsibilities.  Although it is up to your Cloud Provider to provide all of the Security features that they can, it is still your primary responsibility to work with your Cloud Provider in order to make sure that everything is properly configured.  If you are offered default Security settings, don’t use them and create your own that are specifically tailored to your Security requirements.  Also, make use of advanced Encryption techniques, if they are offered by your Cloud Provider.

2)     Many cloud based Crpytojacking attacks can be traced back to poor login credentials (once again, using very weak passwords).  Make use of a Password Manager to create long and complex passwords.

3)     Set up your Virtual Machines as you absolutely need them.  Do not create extra ones that you are not going to use, as this will simply increase the attack surface for the Cryptojacker.

4)     Make sure that you educate anybody in your organization that is tasked to manage your Cloud Infrastructure in its proper design and secure deployment.

 

Just like how a Cloud Infrastructure is prone to a Cryptojacking attack, so are mobile apps. In fact, a recent study, conducted by a Cyber security firm known as Sophos, detected 25 rogue mobile applications which had the infected Cryptojacking source code in them.  These mobile apps were downloaded at least 120,000 times by different end users.

 

So, in response to the recent to this, tech giants like Google and Apple whom have mobile app stores are taking proactive actions to protect their customers.  For example, with the former, they no longer allow for browser extensions in its Web Store that mine cryptocurrencies. The Google Play Store allows for customers to pick extensions and apps that personalize their Chrome web browser, but this will now become highly restricted.

 

Conclusions

This is our final series on Crpytojacking.  Our next blog will examine what the Cyberthreat landscape will look like for 2019.

Sources

1)       https://www.nbcnews.com/tech/tech-news/your-computer-could-be-quietly-mining-bitcoin-someone-else-n922101

 

The details of the Sophos study can be seen here:

Cryptojacking apps return to Google Play Market