Cryptocurrency Malware Attacks Spike, Here's How to Keep Your Business Safe

Cryptocurrency may be the most notable success of blockchain technology, but not everything about it is gold. Miners have found a new way to make money for themselves while also reducing their costs. It's easy: They just have you pay for it. What's happening is that hackers install code on a site where you're likely to spend a long period of time. While you're there, an infected ad will inject cryptocurrency mining software into your computer, where it'll mine for currency while you're trying to do something else.

This practice appeared on YouTube in mid-January and was first reported by researchers at Trend Micro, who said that the DoubleClick ad network was being abused to deliver currency mining malware. The apparent reason was that people tend to stay on YouTube for an extended period, giving the currency mining more time to work.

The malware comes from CoinHive, which has become popular among hackers. CoinHive allows the mining software to run on other people's computers and use their resources. Reportedly, the currency mining can suck up about 80 percent of a computer's resources, which leaves enough available that most people still wouldn't notice during casual use.

The Business Cost

But your organization will notice, especially if the illicit cryptocurrency mining starts to spread on your network or especially on your servers. Even if you're paying for data center services, that computing power costs you money to buy, and if you lose capacity because unauthorized software is eating CPU cycles, then you may have to buy more capacity.

It's also problematic if your servers or even your office computers get so bogged down that they can't deliver; then you'll start having trouble operating key processes, which means you could lose business. While that 80 percent load might not be noticed on a consumer computer, you're probably not buying more computing power than you need for business use, so it's far more likely to be an issue. For example, during peak periods when your servers would normally run close to flat out, they'll suddenly just be sort of flat.

Complicating the issue is the fact that many of the hackers that use CoinHive distribute it from other people's servers as well. This means that, if you're not protecting your public-facing servers, then you could find that a hacker has installed it on your website. You could inadvertently end up passing it along to your customers, who probably would not be thrilled to know they got it from you.

The most common way this malware makes it onto servers is through vulnerabilities in Apache Struts or DotNetNuke, according to the folks at Trend Micro's TrendLabs. In case this sounds familiar, it was a Struts vulnerability that led to the breach at Equifax. Essentially, a hacker finds an unpatched website and installs the malware, which the site then passes along to its visitors.
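One defensive check a site owner can run against the scenario above is an inventory of every script a page loads, compared against an allowlist of approved hosts, so that an injected loader pulled from an unfamiliar domain stands out. This is an added example, not code from the article or from Trend Micro; the host names and the sample page are constructed, and it uses only the Python standard library.

```python
# Added example (not from the article): audit <script> tags against an allowlist of hosts.
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = []   # [{"src": str | None, "inline": str}, ...]
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = {"src": dict(attrs).get("src"), "inline": ""}

    def handle_data(self, data):
        if self._open is not None:
            self._open["inline"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            self.scripts.append(self._open)
            self._open = None


def find_unapproved_scripts(html, page_host, allowed_hosts):
    """Flag external scripts from hosts outside the allowlist (the page's own
    host is implicitly allowed); inline bodies are returned for manual review,
    since an injected loader is often a short inline bootstrap snippet."""
    parser = _ScriptCollector()
    parser.feed(html)
    allowed = set(allowed_hosts) | {page_host}
    findings = []
    for s in parser.scripts:
        if s["src"]:
            host = urlparse(s["src"]).hostname  # None for a relative src
            if host and host not in allowed:
                findings.append(("unapproved_external", host))
        elif s["inline"].strip():
            findings.append(("inline_for_review", s["inline"].strip()[:60]))
    return findings


# Constructed sample page: local script, approved CDN, unknown host, inline snippet.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-approved.net/lib.js"></script>
<script src="https://unknown-third-party.example/loader.js"></script>
<script>run("site-key-placeholder");</script>
</head></html>"""
```

Running this on a schedule against your own public pages, and diffing the result against the previous run, turns "a hacker has installed it on your website" from a surprise into an alert.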

Protect Your Systems

Fortunately, there are things you can do. The first, and the one that seems to defy correction most widely, is to patch your systems. The vulnerabilities in Struts and DotNetNuke have both been patched, but there are a lot of unpatched systems out there.

In addition, you'll need to confirm that your servers and office computers have been patched. This may be more complex than normal, what with all of the other patches related to the Intel vulnerabilities flying around. But while nobody's exploiting those Intel problems, hackers are using every exploit they find to make money with cryptocurrency mining.

It's worth noting that the vulnerabilities that are being exploited for currency mining affect both Linux and Windows machines, so you'll need to patch all of your servers regardless of the operating system (OS).

You'll also need to make sure you have endpoint protection installed on all internet-connected endpoints with updated anti-malware in place to keep the currency miners out. The way Trend Micro found the YouTube infestation was through a huge spike in blocking activity on that service and subsequent complaints. Trend Micro and other services, such as Malwarebytes, provide enterprise versions of their software for purposes such as this.

Train Your Staff

Next, train your staff with two goals in mind. First, they need to know that if they get blocked from a website by your anti-malware package, then the solution is not to turn off the anti-malware protection and hit the site anyway. Instead it's to tell the security staff what they found.

The second is to pay attention to unusual behavior on the computers they use, especially any instances of sudden bad performance. Cryptocurrency mining really loads down the CPU on a computer and a sudden slowdown may be the first sign.

Finally, it's important to pay attention to your monitoring software. Typically, one of the parameters that these packages monitor is CPU load, so if you see yours suddenly spiking for no specific reason, then maybe currency mining is the reason. You should also pay attention to your network monitoring software because those crypto coins have to be uploaded somehow. And if the computers on your network are mining, then it's your network that will be delivering.
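The two signals in the paragraph above, a CPU spike with no business explanation and a machine that keeps talking to the outside, are more useful together than apart, because a single hot process or a single outbound connection is normal. The following added example (not from the article or any monitoring product) correlates them over constructed sample data: it flags only processes that stay hot across several consecutive samples and hold a connection to an address outside the assumed internal ranges.

```python
# Added example (not from the article): correlate sustained CPU load with outbound
# network connections, the two monitoring signals the text points to. All data
# below is constructed; external hosts use RFC 5737 documentation addresses.
from ipaddress import ip_address, ip_network

# Constructed CPU samples: (sample_index, pid, process_name, cpu_percent).
CPU_SAMPLES = [
    (0, 101, "backup.sh", 95.0), (0, 202, "svc-worker", 88.0), (0, 303, "browser", 12.0),
    (1, 101, "backup.sh", 40.0), (1, 202, "svc-worker", 91.0), (1, 303, "browser", 15.0),
    (2, 101, "backup.sh", 5.0),  (2, 202, "svc-worker", 87.0), (2, 303, "browser", 9.0),
    (3, 101, "backup.sh", 3.0),  (3, 202, "svc-worker", 90.0), (3, 303, "browser", 11.0),
]
# Constructed established outbound connections per pid: (remote_ip, remote_port).
CONNECTIONS = {
    101: [("10.0.0.5", 22)],        # backup job talking to an internal host
    202: [("203.0.113.7", 443)],    # long-lived connection to an outside host
    303: [("198.51.100.2", 443)],   # a browser also talks outside, but stays cool
}
# The organisation's own address space (assumed here); anything else is "external".
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sustained_high_cpu(samples, threshold=80.0, min_consecutive=3):
    """pid -> name for processes at or above threshold for min_consecutive
    samples in a row. A one-off spike (the backup job) does not qualify."""
    series = {}
    for _idx, pid, name, cpu in sorted(samples):
        series.setdefault(pid, (name, []))[1].append(cpu)
    hits = {}
    for pid, (name, cpus) in series.items():
        run = best = 0
        for cpu in cpus:
            run = run + 1 if cpu >= threshold else 0
            best = max(best, run)
        if best >= min_consecutive:
            hits[pid] = name
    return hits


def talks_to_external(conns):
    """True if any remote address lies outside INTERNAL_NETS."""
    return any(not any(ip_address(ip) in net for net in INTERNAL_NETS) for ip, _ in conns)


def cryptojacking_candidates(samples, connections, **kw):
    """Processes that are both sustainedly hot and talking to outside hosts."""
    return sorted(
        (pid, name) for pid, name in sustained_high_cpu(samples, **kw).items()
        if talks_to_external(connections.get(pid, []))
    )
```

In the sample data only the long-running worker qualifies: the backup job is hot for one sample and stays internal, and the browser talks outside but never loads the CPU.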

Fortunately, cryptojackers (as they're called) rarely let their software deliver things like ransomware. The reason is that they want to use your computer as long as they can. After all, you're their cash cow and they want to keep the milk coming.

This article originally appeared on PCMag.com.