Taking Cryptojacking Out of the Shadows

Once hackers rope you in, there's no letting go. You can be on their victim list for as long as you have the infected computer, or in the case of large enterprises where users are part of a larger internal network, maybe forever.

Cryptocurrency malware is a case in point. If hackers manage to infect your system, they can easily enslave your computer or network for their distributed computing operation.

Cryptojacking steals processor resources, as well as electricity. The cryptojacking malware squeezes legitimate processes out of the way to take over more resources for itself, and never lets up – unless the system is completely shut down.

Since cryptocurrency malware quietly works in the shadows of your system – unlike, for example, ransomware that demands cryptocurrency to unlock the computer – detecting it can turn out to be an extremely complicated task. Typically, victims will only notice that they have been compromised long after the malware has already breached their system – either by receiving a large electricity bill or unexpectedly high maintenance costs.

Is There a Way to Prevent Cryptojacking Attacks?
Currently, many people attempt to prevent cryptojacking attacks with the usual approach - security systems designed to search for and root out malware. However, such protection methods have proven to be ineffective, as there is a lack of visibility into the core processes that trigger the crypto-malware, and as mentioned before, once they’re in – they’re in.
The only way to truly prevent cryptojacking is to prevent the malware from getting installed in the first place, rather than waiting to detect it post-breach. And the way to do that is to “attack” malware where it is most vulnerable - in the way it affects a device’s operating system. By closely monitoring the execution flow at the CPU level of an application, administrators will be able to determine when they are being attacked by cryptojacking malware, or indeed any other malware - and take steps to arrest it before it has a chance to fulfill its purpose.

CPU Monitoring Provides “Fool” Proof Protection 
Even if the hacker successfully disguises the attack and uses the most cutting-edge evasion techniques, the CPU would still be affected - it just can’t be avoided. This means that by closely monitoring the execution flow at the CPU level of an application, while it is rendering the document or link, CPU-level security will always be able to uncover the exploitation technique.

By utilizing a detailed mapping of each application’s processes that corresponds with its “correct” behavior, a CPU-level technology could detect anomalous activity – for example, an application calling routines that have nothing to do with what is meant to be happening on the computer at that moment. When such unusual processor activity is detected, a smart system could automatically flag it, block it, and ensure that the organization will not be infected with crypto-ware – or any other “ware” for that matter.
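As an added illustration of the profile-based detection described above (this is not code from the original article or from any product it alludes to), the following Python sketch checks constructed telemetry against a per-application baseline of expected routines, and also flags a process that stays pinned above a CPU threshold without letting up. All application and routine names are hypothetical.

```python
from collections import defaultdict

# Constructed baseline (hypothetical routine names): the routines each
# application is expected to call while doing its normal job.
BASELINE = {
    "reader.exe": {"open_file", "parse_pdf", "render_page", "draw_text"},
    "browser.exe": {"dns_lookup", "tls_handshake", "http_get", "render_page"},
}

# Constructed telemetry samples: (seconds, application, routine, cpu_percent).
TELEMETRY = [
    (0, "reader.exe", "open_file", 12.0),
    (1, "reader.exe", "parse_pdf", 35.0),
    (2, "browser.exe", "dns_lookup", 5.0),
    (3, "reader.exe", "render_page", 40.0),
    (4, "browser.exe", "http_get", 9.0),
    # From here the reader never returns to its profile: it calls routines
    # outside its baseline and keeps the CPU pinned sample after sample.
    (5, "reader.exe", "spawn_thread_pool", 91.0),
    (6, "reader.exe", "hash_block", 97.0),
    (7, "reader.exe", "hash_block", 98.0),
    (8, "reader.exe", "hash_block", 99.0),
    (9, "browser.exe", "render_page", 22.0),
]


def find_anomalies(events, baseline, cpu_threshold=85.0, sustain=3):
    """Return (timestamp, application, reason) findings for two signals:
    a routine outside the application's behaviour profile, and CPU usage
    held at or above cpu_threshold for `sustain` consecutive samples."""
    findings = []
    streak = defaultdict(int)      # consecutive high-CPU samples per app
    reported_sustain = set()       # report the sustained-CPU signal once per app
    for ts, app, routine, cpu in events:
        expected = baseline.get(app)
        if expected is None:
            findings.append((ts, app, "unknown application, no behaviour profile"))
            continue
        if routine not in expected:
            findings.append((ts, app, f"routine '{routine}' outside profile"))
        if cpu >= cpu_threshold:
            streak[app] += 1
            if streak[app] >= sustain and app not in reported_sustain:
                findings.append((ts, app, f"cpu >= {cpu_threshold}% for {sustain} consecutive samples"))
                reported_sustain.add(app)
        else:
            streak[app] = 0
    return findings


if __name__ == "__main__":
    for ts, app, reason in find_anomalies(TELEMETRY, BASELINE):
        print(f"t={ts}s {app}: {reason}")
```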

Once cryptojackers get in, it is extremely difficult to get them out, and the long-term resource drain of crypto-mining can be significant. The most effective way to fight them is to essentially keep them out altogether.
