Cryptojacking has erupted on the cybercrime scene. Some say cryptojacking is the new ransomware. But according to Sophos, it’s not one over the other. Both are equally worrying. In this latest Sophos Cyber Threat Report, we explain how cryptojacking works and the protection you need for customers.
Two types of cryptojacking scenarios are primarily wreaking havoc right now.
The first scenario is “in-browser” cryptomining. Cybercriminals can use in-browser cryptominers on any device – even mobile phones – to steal electricity, CPU power, and more to mine digital currencies like Monero and Bitcoin. While this scenario is not earth-shattering from a threat standpoint, it is a nuisance, racking up utility bills and depreciating hardware.
“You’ve got a piece of malicious software that’s running on your system, and you’re having to pay for the electricity. You’re having to pay for additional cooling and increased wear and tear on your computers,” says John Shier, senior security expert at Sophos.
Another, more invasive variation of cryptojacking is when hackers install cryptominer software onto computers and use them to do their dirty work. This means your customers have been breached.
And if they’ve been breached, there’s a high probability these cybercriminals – also known as cryptojackers – are deploying ransomware, key loggers and other types of malware to take over computers.
According to a recent Sophos survey, businesses suffer from an average of 16 infected computers per month. Multiply that by the time it takes to identify, isolate and fix a breach, and your customers could spend seven days per month remediating infected computers.
“IT professionals will tell you that the end user doesn’t really understand the pain that the IT person has to deal with when they have to fix those problems,” says Brian Hanify, vice president of sales and marketing at AKUITY Technologies.
Using preventative technologies to stop problems before they start can eliminate the business implications that cryptojacking and other types of malware cause. Sophos always recommends that solution providers help their customers implement security basics, including a layered security approach and keeping systems up to date by prioritizing patching.
Shier recommends patching early and often because malware typically won’t run on a fully patched system.
Sophos also suggests innovative security technologies that allow endpoints and networks to talk to each other, share intelligence and include deep learning to proactively prevent cryptojackers – or any type of cybercriminal – from slipping through the cracks and infiltrating.
“The more ‘predictiveness’ we build into our products, the better off we are. If we can build an environment where we’re constantly innovating, we’re going to give those hackers a fight,” says Dan Schiappa, senior vice president and general manager, products, at Sophos.
Another key security technology that solution providers need is root-cause analysis, which helps customers track the path of an attack and make the appropriate changes, so it doesn’t happen over and over again.
“You have to have a good analytics platform that can let you know what happened on an endpoint, how did the threat get in and what other machines did that threat potentially touch on its way in or out the door,” says Shier.
Lastly, solution providers must partner with a vendor that tackles security challenges with clarity and confidence.
“Everything we do is designed with partners in mind. Whether we’re introducing a new product, or process, we want to make sure that our partners, of all sizes, have the ability to address the security threats that are happening in the marketplace right now,” says Erin Malone, vice president North American channel sales at Sophos.
Security threats like cryptojacking aren’t the only thing partners have to worry about; there are also compliance regulations. Stay tuned for our next episode of Sophos’ Cyber Threat Report when we update you on why GDPR has become a big problem for channel partners.