Cisco’s Keanini: Ransomware Takes Back Seat To Cryptojacking

Forget ransomware, the hackers have found a new way to make money: cryptojacking.

With the value of bitcoin, the leading cryptocurrency, declining and with companies and individuals getting wiser to the scourge that is ransomware, the bad guys have shifted focus, infiltrating the computers of unwitting people and companies and using their processing power to secretly mine digital tokens.

Sure, they may only make ten cents off of one computer, but that income recurs, and with hundreds or thousands of computers in the mix it suddenly becomes attractive to the hackers. “Bitcoin mining requires a lot of power and if they breach your computer they have taken the cost out of the equation,” said TK Keanini, distinguished engineer, product line CTO for analytics at Cisco, the San Jose, California-based IT, networking, and cybersecurity company, in an interview with The Saas Report. “We’ve seen cryptojacking activity everywhere, even at trade shows where companies set up for a couple of days.”

Cryptojacking The New Ransomware

In essence, cryptojacking occurs when a hacker accesses someone’s computer without their permission to mine for digital tokens. Hackers will infiltrate a computer by tricking a person into clicking on a malicious link in an email, or they will infect a website or online ad to get access. According to Symantec, the activity appeared to peak in December, with the security software company blocking 8 million cryptojacking events. As of July of this year, Symantec said it has blocked 5 million cryptojacking events. The impact on users is typically a slowdown of the device, batteries that overheat, increased energy consumption and, in some cases, a computer that is rendered useless.

What makes cryptojacking so insidious, Keanini said, is that in a lot of cases the user has no idea what is going on behind the scenes with their computer. But if the bad guys have access to and control of your computer or a corporate network and want to create havoc, they can easily wipe all the data off the device. He said that while users don’t seem worried if the computer is used for cryptomining without their authority, as soon as they learn it could lead to more malicious actions they start to care more. “These bad guys have control of 30,000 machines or 100,000 machines. They have retooled (from Ransomware) because the numbers are attractive,” said Keanini. “With Ransomware, they have one shot at collecting the payout; however with cryptojacking, they have a recurring revenue stream because a compromised host can make 10 to 15 cents a day and tomorrow, it will make that again and so on and so on.”

Think Like A Hacker To Protect Your Network 

So what can companies and individuals do to protect their systems from cryptojacking? Keanini said the first thing is to identify the cryptojacking activity, which can be extremely difficult since the hackers have made a living creating advanced methods to stay hidden. They use every evasive method possible and quickly shift to wherever they will be the most profitable.

To combat it, the executive said Cisco has several methods, not just one, aimed at fending off the hackers, including products that sit on the endpoint as well as on the network, leaving no area without monitoring. Cisco is also applying machine learning and artificial intelligence to the problem, developing technology that can analyze the traffic without having to perform decryption on any of the data. “There are all kinds of forms of cryptojacking. There’s stuff that can run in your browser and stuff on your phone. You have to be vigilant across your enterprise,” he said, noting that companies have to look for malicious activity in places they wouldn't have thought of looking in the past, ever cognizant of the fact that the hackers hide in the shadows. “As long as cryptocurrency has value and is exchanged we will see this trend. It won’t go away or shrink as long as the bad guys are making money at it,” said Keanini.