Dangers of Cryptojacking Your Businesses
Cryptojacking may not seem as dangerous as ransomware or data breaches since cybercriminals are stealing a computer’s processing power rather than money or data. Companies that dismiss this threat could put their businesses at great risk. Cryptojacking malware has become increasingly sophisticated with hackers getting more creative in ways to deliver it. This spells trouble if you are not prepared for it.
Crippling Affects Of Cryptojacking Examples:
- The Cryptojacking malware known as PowerGhost, was discovered in summer 2018. Kaspersky Lab researchers found that cybercriminals used phishing emails to gain initial access to a computer. Once the machine was infected, the malware used credential-stealing and remote-administration tools to spread itself to other machines in the local network. Then to make matters worse, newer versions of PowerGhost now have the ability to disable antivirus programs such as Windows Defender.
- Another sophisticated program is PyRoMine, which Fortinet researchers found in Spring 2018. Besides stealing processing power, it creates a backdoor account with administrator-level privileges, enables the Remote Desktop Protocol (RDP), opens the RDP port in the Windows Firewall, and makes other system changes so cybercriminals can remotely access the computer at a later time. The program configures the Windows Remote Management Service to allow the transfer of unencrypted data.
Guard Against Cryptojacking
A more wide scale approach is needed to protect businesses today including:
- Make sure computers’ operating system software and apps are updated so known security vulnerabilities are patched. Both PowerGhost and PyRoMine exploit unpatched security vulnerabilities in Windows operating system software to create their footholds.
- Ensure your security software is up-to-date. This helps guard against known cryptojacking code plus help protect computers from other malware that may be installed.
- Educate employees about phishing emails and unsafe web browsing habits. Phishing emails are often used to gain initial access to a computer. Employees need to know the dangers associated with clicking links in emails and opening files attached to them. Here are 6 easy tips for training your employees.
- Use ad or script blockers in web browsers to prevent malicious scripts from loading.
- Inspect your website to make sure hackers have not placed a cryptojacking script on it.
Monitoring your computer systems and network for unusual activity is smart business. CopperTree Solutions can evaluate your business and provide specific recommendations on what you need to defend against the many types threats.