Cryptojacking is becoming all the rage in the cybercrime world recently. Unlike ransomware, criminals do not need to wait to get paid. As soon as their code hits your servers they start generating cash. Cryptojacking is the practice of taking over the computing power of exposed servers to generate cryptocurrencies. That cold hard cash is made up of 1s and 0s.
On the server side, particularly on larger infrastructure installations, it can be hard to tell. I suppose you could have an engineer ssh into every single VM you have and look at the hundred different programs running and see if something might be spiking the CPU, but that sounds like a complete pain—not to mention prohibitively expensive—at that rate you might as well let it run. This problem can easily be exacerbated if your organization is using cloud infrastructure or your company has bought into the container hype. In cloud environments it’s trivial to spin up a lot of resources and then spin them down again. There is a strong chance that if an attacker has infiltrated a cloud instance they now have access to spin up new VMs on demand. Indeed it’s very common for developers to be lax about permissions and install the toolsets and credentials necessary inside the VM environments since they think they are safe just because they are using Google or Amazon’s infrastructure—they’re actually less safe.
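The manual check described above (look at every process on every VM and see what is spiking the CPU) is the kind of thing a defender automates. The following is an added example, not code from the article or from NanoVMs: it parses a constructed snapshot of `ps -eo pid,user,pcpu,etime,comm` output and flags processes that are both hot and either long-running or not on an assumed allowlist of services expected on that host. The allowlist, thresholds and sample process names are all assumptions for illustration; in practice the snapshot would be collected from each host by your fleet tooling and the allowlist would come from your deployment manifest.

```python
from dataclasses import dataclass

# Constructed sample of `ps -eo pid,user,pcpu,etime,comm` output from one host
# (not real data). The "updatehelper" process is the planted suspect.
SAMPLE_PS = """\
  PID USER     %CPU     ELAPSED COMMAND
    1 root      0.0 10-02:11:05 systemd
  842 www-data  3.2    02:14:33 nginx
 1337 deploy   97.8    06:40:12 updatehelper
 2201 postgres 12.4  1-04:00:09 postgres
 3050 deploy   91.5       00:45 gcc
"""

# Assumed allowlist: the binaries this host is supposed to run.
EXPECTED = {"systemd", "nginx", "postgres", "sshd", "gcc"}


@dataclass
class Proc:
    pid: int
    user: str
    cpu: float
    elapsed_min: float
    comm: str


def parse_etime(s: str) -> float:
    """Convert a ps ELAPSED value ([[dd-]hh:]mm:ss) to minutes."""
    days = 0
    if "-" in s:
        d, s = s.split("-", 1)
        days = int(d)
    parts = [int(p) for p in s.split(":")]
    while len(parts) < 3:          # pad mm:ss to hh:mm:ss
        parts.insert(0, 0)
    hours, minutes, seconds = parts
    return days * 1440 + hours * 60 + minutes + seconds / 60


def parse_ps(text: str) -> list:
    """Parse ps output; COMMAND is the last field so it may contain spaces."""
    procs = []
    for line in text.splitlines()[1:]:   # skip the header row
        fields = line.split(maxsplit=4)
        if len(fields) < 5:
            continue
        pid, user, cpu, etime, comm = fields
        procs.append(Proc(int(pid), user, float(cpu), parse_etime(etime), comm))
    return procs


def find_suspects(procs, cpu_threshold=80.0, min_minutes=30.0, expected=EXPECTED):
    """Return (proc, reasons) for hot processes that look like they don't belong.

    A short burst from an allowlisted binary (a compile, a backup) is normal and
    is deliberately not flagged; a sustained burn or an unknown binary is.
    """
    suspects = []
    for p in procs:
        if p.cpu < cpu_threshold:
            continue
        reasons = []
        if p.elapsed_min >= min_minutes:
            reasons.append("sustained")
        if p.comm not in expected:
            reasons.append("unexpected binary")
        if reasons:
            suspects.append((p, reasons))
    return suspects


if __name__ == "__main__":
    for proc, why in find_suspects(parse_ps(SAMPLE_PS)):
        print(f"pid={proc.pid} user={proc.user} cpu={proc.cpu}% "
              f"up={proc.elapsed_min:.0f}min comm={proc.comm}: {', '.join(why)}")
```

Running this over the sample flags only pid 1337: the `gcc` process is just as hot but has been alive for 45 seconds and is on the allowlist, which is the false positive a plain CPU threshold would raise. The same per-host logic is what you would schedule across the fleet (including instances that only exist at night) and feed into a cloud-bill anomaly check, so the first sign is not the invoice.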
Containers make the problem even worse because they are ephemeral by nature—they’re designed to come and go with new deployments. Scripts can run the cryptojacking code at night and spin them down during the day so no one notices until you get a ridiculously large cloud bill from your rich uncle, Jeff Bezos.
A newer technology that is picking up speed, unikernels can help defend against these attacks. Unikernels stop server-side cryptojacking attacks through their so-called “single process” model. That is—they are designed to only run one program per virtual machine—this is enforced at the hardware level. This design prevents any other programs from running—such as cryptojacking miners. Older Linux and Windows environments are actively hostile to your infrastructure, allowing anything that can make it to the server to be runnable. This happens all the time.
Other methods include staying on top of patch management issues. A good DevOps employee will be able to maintain software and keep it up to date but be aware that a good DevOps employee is also more expensive than even a normal software engineer. Also, be aware that a portion of the cryptojacking attacks we’ve seen have actually been initiated by insiders trying to earn a few extra bucks and thinking no one would be the wiser. The cloud is expensive after all.
Cryptojacking is a newer threat that we all now have to deal with thanks to the rise of cryptocurrency—don’t let it hide in your infrastructure.
About the Author
A self-taught expert in computer science, specifically operating systems and mainstream security, Eyberg is dedicated to initiating a revolution and mass-upgrading of global software infrastructure, which for the most part is based on 40-year-old tired technology. Prior to cracking the code of unikernels and developing a commercially viable solution, Eyberg was an early engineer at Appthority, an enterprise mobile security company. He also worked for Bluff.com doing poker analytics and studied computer science briefly at the University of Missouri-Rolla before pursuing a call to travel the world. For more information about San Francisco-based NanoVMs, visit www.nanovms.com.