Cryptomining, a process at the core of many blockchain-based systems and applications, can require huge amounts of computing power – so many, in fact, that attackers sometimes seek to offload the costs of cryptomining to unsuspecting organizations by performing mining operations on their infrastructure without permission.
When this happens, a cryptojacking attack occurs. Cryptojacking can deprive organizations of the computing resources they need to conduct legitimate operations. It can also leave them with huge and unexpected bills, especially if they use cloud-based infrastructure that is priced on a pay-as-you-go model.
That’s why methods for identifying and preventing cryptojacking should be a part of modern cybersecurity strategies. This article explains how cryptojacking works, how it relates to cryptomining, and which steps organizations can take to protect themselves against cryptojacking attacks.
What Is Cryptomining?
To understand cryptojacking, you must first understand cryptomining. Cryptomining is the process used to create new digital coins within a cryptocurrency system like Bitcoin.
How Cryptomining Works
The exact cryptomining process varies from one cryptocurrency system to another, but in most cases, cryptomining involves performing complex mathematical operations to solve a cryptographic puzzle. Devices use a brute-force approach, trying candidate after candidate until one of them solves the puzzle.
For some cryptocurrencies, the cryptomining process is competitive, meaning that multiple computers or other devices compete to solve a puzzle first. The winner is rewarded with cryptocurrency.
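To make the brute-force nature of the puzzle concrete, here is a toy proof-of-work miner. This is an added example, not code from the original article: the puzzle (find a nonce such that SHA-256 of the header plus the nonce starts with N zero bits) follows the hashcash-style scheme used by Bitcoin in spirit only, and the block header, difficulty values and attempt cap are constructed for the demonstration. The point it shows is the asymmetry that drives both mining rigs and cryptojacking: finding a solution costs an exponential number of hashes, while checking one costs a single hash.

```python
"""Toy proof-of-work puzzle, to illustrate why cryptomining is compute-bound.

Added example, not from the original article. The header format, the
difficulty values and max_tries are constructed; no real chain uses them.
"""
import hashlib


def puzzle_hash(header: bytes, nonce: int) -> bytes:
    """Hash one candidate: the fixed header bytes followed by the nonce."""
    return hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits in a digest (more zeros = rarer = harder)."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def mine(header: bytes, difficulty_bits: int, max_tries: int = 10_000_000):
    """Brute-force nonces until the hash has `difficulty_bits` leading zeros.

    Returns (nonce, attempts). There is no shortcut: every nonce is a fresh
    SHA-256 evaluation, which is why mining throughput scales with raw hashing
    hardware (CPU -> GPU -> ASIC) and why stolen CPU time is worth something.
    """
    for nonce in range(max_tries):
        if leading_zero_bits(puzzle_hash(header, nonce)) >= difficulty_bits:
            return nonce, nonce + 1
    raise RuntimeError("no solution within max_tries")


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Verification is one hash: cheap for everyone, unlike finding the nonce."""
    return leading_zero_bits(puzzle_hash(header, nonce)) >= difficulty_bits


def expected_attempts(difficulty_bits: int) -> int:
    """Each extra bit of difficulty doubles the expected number of hashes."""
    return 2 ** difficulty_bits


if __name__ == "__main__":
    # Constructed sample header; real headers carry previous-block hash, tx root, etc.
    header = b"constructed-block-header:prev=0000abcd:txroot=1234"
    for bits in (8, 12, 16):
        nonce, tries = mine(header, bits)
        assert verify(header, nonce, bits)
        print(f"difficulty={bits:2d} bits  nonce={nonce:8d}  "
              f"attempts={tries:8d}  expected~{expected_attempts(bits)}")
```

Raising the difficulty by a few bits is enough to see the attempt count climb from hundreds into tens of thousands, while `verify` stays constant-time; that is the whole economic reason a cryptojacker wants someone else's CPU.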
Types of Cryptomining
Cryptomining can be broken into categories depending on how the mining takes place:
- CPU mining: CPU mining is the most basic form of cryptomining. It involves performing mining operations locally on a device with a conventional CPU – such as your PC or laptop.
- GPU mining: In GPU mining, mining operations are accelerated using graphical processing units.
- ASIC mining: ASIC mining uses specialized hardware designed to optimize mining operations.
- Cloud mining: Cloud mining allows cryptomining operations to be outsourced to cloud infrastructure.
Resource Requirements for Cryptomining
For most mainstream cryptocurrencies, solving the cryptographic puzzles at the heart of cryptomining requires substantial computing resources. In fact, for cryptocurrencies like Bitcoin, cryptomining operations have become so intense that cryptomining on conventional computers is no longer feasible. Instead, most Bitcoin mining today takes place on specialized “mining rigs” that use GPU or ASIC acceleration to speed up mining operations.
Cryptomining and Energy Consumption
High consumption of compute resources for cryptomining leads to high energy consumption rates, too. Bitcoin mining, for example, currently consumes about 0.55 percent of the world’s entire electrical energy output, which is about the same as a small country like Sweden.
What Is Cryptojacking?
As long as you perform cryptomining on computing infrastructure that you have permission to use, you are not doing anything wrong. However, when cryptomining takes place without the permission of the infrastructure’s owners, it becomes cryptojacking.
Cryptojacking is the hijacking of someone else’s compute infrastructure to mine cryptocurrency. In other words, if you start mining digital coins on someone else’s computer, server, or cloud, you’re cryptojacking.
How Cryptojacking Works
To perform cryptojacking, attackers must first find a way to install and run cryptomining software on a target’s infrastructure. They could do this by exploiting software vulnerabilities that give them unauthorized access to a device’s host operating system, for instance, or by hiding cryptomining code inside other, legitimate applications that users install.
From there, the cryptojacking software runs in the background, often with the help of techniques designed to mask its presence. The attackers who planted the software configure it so that the coins it mines are placed into their digital wallets.
Types of Cryptojacking
Cryptojacking can be categorized based on the way cryptojacking attacks happen:
- Host-based cryptojacking: Attackers who compromise a host system to install cryptojacking software perform host-based cryptojacking.
- Browser-based cryptojacking: If cryptojacking originates from a browser vulnerability or runs as a subprocess of a compromised web browser, it’s browser-based cryptojacking.
- Cloud cryptojacking: When cryptojacking takes place on cloud infrastructure, such as VM instances running in a public cloud, it’s a cloud cryptojacking attack.
Cost of Cryptojacking
Cryptojacking costs organizations money in three main ways:
- Infrastructure costs: In a highly scalable infrastructure, such as a public cloud IaaS environment, compute resources may automatically scale up in order to accommodate cryptojacking activities. They do this because they are configured to scale up when their load increases, and autoscaling policies have no way of knowing whether the cause of the load increase is legitimate or not. Because cloud customers typically pay for compute resources based on how many they consume, a scaling up of resources leads to higher bills.
- Energy costs: In an on-premises environment, businesses have to pay for the energy required to power and cool their servers. Cryptojacking leads to a spike in energy consumption due to increased CPU utilization, which translates to higher energy bills for the company.
- Loss of revenue: By depriving legitimate workloads of the resources they need to run efficiently, cryptojacking can lead to revenue loss. For example, if cryptojacking software runs on a server that hosts an eCommerce website, the website may become less responsive to customer requests because the server resources it needs to run well are being directed toward cryptojacking. As a result, the business that owns the site loses revenue.
What’s the difference between Cryptomining and Cryptojacking?
The difference between cryptomining and cryptojacking is simple: cryptomining is a legitimate activity, and cryptojacking is not.
To put this another way, cryptomining is an activity undertaken by an individual or organization that voluntarily chooses to use computing infrastructure to mine cryptocurrency. There’s nothing legally or ethically wrong with doing this.
In contrast, cryptojacking is the unauthorized use of infrastructure to mine cryptocurrency. Doing so is wrong from an ethical standpoint. It’s also a form of fraud that can be criminally prosecuted in most jurisdictions.
Best Practices for preventing Cryptojacking
The best way to protect your organization from cryptojacking is to ensure that cryptojackers can’t invade your infrastructure in the first place. Best practices for hardening servers, computers, and other devices against cryptojacking attacks include:
- Enforce least privilege: A policy of least privilege minimizes the access rights that different users inside your organization have to IT resources. In turn, it reduces the risk that a compromised account can be used to launch a cryptojacking attack.
- Use zero trust: Zero trust, a security strategy that involves isolating devices on a network until they are explicitly validated to be trustworthy, helps prevent vulnerable devices from introducing cryptojacking software to your IT environment.
- Scan software: Software scanning surfaces vulnerabilities that attackers might exploit to install cryptojacking software.
- Know your software supply chain: To ensure that the upstream software components (such as open source libraries) that you depend on do not contain cryptojacking code, it’s important to maintain visibility into your software supply chain.
How to detect Cryptojacking
If you’re worried that cryptojackers are already active inside your IT estate, there are several effective means for detecting cryptojacking activity.
Performance Monitoring
Since cryptojacking triggers an increase in CPU utilization, performance monitoring can surface cryptojacking attacks. If you notice a sudden spike in CPU usage that can’t be explained by changes to a legitimate workload, cryptojacking could be the cause.
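The check described above, an unexplained and sustained rise in CPU, is easy to automate once CPU samples and a change log sit side by side. The following is an added example, not code from the original article: it computes a per-host baseline from the first minutes of the window, flags runs of consecutive minutes well above that baseline, and then asks whether a recorded deployment shortly before the run accounts for it. The metric samples, host names and the deployment log are constructed; in practice they would come from a monitoring system and a CI/CD or change-management log.

```python
"""Flag sustained CPU spikes that no recorded workload change explains.

Added example, not from the original article. SAMPLES and DEPLOYMENTS are
constructed data standing in for a metrics backend and a change log.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Sample:
    minute: int      # minutes since the start of the observation window
    host: str
    cpu_pct: float   # host-wide CPU utilisation


@dataclass(frozen=True)
class Alert:
    host: str
    start_minute: int
    end_minute: int
    mean_cpu: float
    explained_by: Optional[str]   # a change event close enough to account for it


# Constructed sample metrics: web-1 rises right after a release, db-1 rises
# with no change event anywhere near it.
SAMPLES: List[Sample] = (
    [Sample(m, "web-1", 20 + (m % 3)) for m in range(0, 30)]
    + [Sample(m, "web-1", 58 + (m % 2)) for m in range(30, 60)]
    + [Sample(m, "db-1", 15 + (m % 4)) for m in range(0, 40)]
    + [Sample(m, "db-1", 97 + (m % 2)) for m in range(40, 60)]
)

# Constructed change log: (minute, host, description).
DEPLOYMENTS: List[Tuple[int, str, str]] = [(29, "web-1", "release 2.4.1 rollout")]


def baseline(series: List[Sample], minutes: int) -> Tuple[float, float]:
    """Mean and population std-dev of the first `minutes` of one host's series."""
    window = [s.cpu_pct for s in series if s.minute < minutes]
    return mean(window), pstdev(window)


def _runs(flagged: List[Sample]) -> List[List[Sample]]:
    """Group flagged samples into runs of consecutive minutes."""
    runs: List[List[Sample]] = []
    current: List[Sample] = []
    for s in flagged:
        if current and s.minute != current[-1].minute + 1:
            runs.append(current)
            current = []
        current.append(s)
    if current:
        runs.append(current)
    return runs


def detect(samples: List[Sample], deployments, baseline_minutes: int = 20,
           sigma: float = 4.0, min_sd: float = 2.5, min_duration: int = 10,
           deploy_grace: int = 5) -> List[Alert]:
    """One Alert per host-run of at least `min_duration` minutes above baseline.

    min_sd floors the std-dev so a perfectly flat baseline does not alert on
    single-point noise; deploy_grace is how many minutes before the run a
    change event may sit and still count as its explanation.
    """
    by_host: Dict[str, List[Sample]] = {}
    for s in samples:
        by_host.setdefault(s.host, []).append(s)

    alerts: List[Alert] = []
    for host, series in by_host.items():
        series.sort(key=lambda s: s.minute)
        mu, sd = baseline(series, baseline_minutes)
        threshold = mu + sigma * max(sd, min_sd)
        flagged = [s for s in series
                   if s.minute >= baseline_minutes and s.cpu_pct > threshold]
        for run in _runs(flagged):
            if len(run) < min_duration:
                continue
            start, end = run[0].minute, run[-1].minute
            cause = next((desc for m, h, desc in deployments
                          if h == host and start - deploy_grace <= m <= start), None)
            alerts.append(Alert(host, start, end,
                                round(mean(s.cpu_pct for s in run), 1), cause))
    return alerts


def unexplained(alerts: List[Alert]) -> List[Alert]:
    """The alerts worth a human look: sustained load with no matching change."""
    return [a for a in alerts if a.explained_by is None]


if __name__ == "__main__":
    for a in detect(SAMPLES, DEPLOYMENTS):
        tag = f"explained by '{a.explained_by}'" if a.explained_by else "UNEXPLAINED - investigate"
        print(f"{a.host}: minutes {a.start_minute}-{a.end_minute}, "
              f"mean CPU {a.mean_cpu}% ({tag})")
```

On the constructed data both hosts produce an alert, but only the database host's survives `unexplained`: the web host's jump sits one minute after a logged release, which is exactly the "change to a legitimate workload" the text says should rule out cryptojacking before anyone is paged.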
Scanning
Scanning devices for suspicious software can reveal cryptojacking operations. Although many cryptojacking programs are designed to evade easy detection (by, for example, operating using process names that emulate those of legitimate applications), advanced scanning tools are effective at uncovering cryptojacking software.
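One of the cheapest scanning heuristics follows directly from the evasion the paragraph mentions: a process can copy a legitimate name, but it cannot easily copy the legitimate binary's location. The following is an added example, not code from the original article or from any scanning product: it walks a process snapshot and reports processes whose name matches a known system daemon but whose executable lives somewhere else, plus CPU-heavy processes executing out of scratch directories. The snapshot, the expected-path table and the CPU threshold are constructed and deliberately small; a real allow-list would be generated from the image or package database.

```python
"""Heuristic process scan for miners hiding behind legitimate-looking names.

Added example, not from the original article. SNAPSHOT is a constructed
process table in the shape of `ps -eo pid,comm,%cpu` plus the resolved
executable path (what /proc/<pid>/exe points to on Linux); EXPECTED_EXE is
an assumed, deliberately tiny allow-list.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str      # short command name as shown in the process table
    exe: str       # resolved executable path
    cpu_pct: float


# Assumed baseline: where the genuine binary for each name lives on this image.
EXPECTED_EXE: Dict[str, str] = {
    "sshd": "/usr/sbin/sshd",
    "cron": "/usr/sbin/cron",
    "systemd-journald": "/lib/systemd/systemd-journald",
}

# Directories from which long-running, CPU-heavy code should not be executing.
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")

# Constructed snapshot: benign processes, one low-confidence case, two findings.
SNAPSHOT: List[Proc] = [
    Proc(612, "sshd", "/usr/sbin/sshd", 0.0),
    Proc(640, "cron", "/usr/sbin/cron", 0.1),
    Proc(1023, "postgres", "/usr/lib/postgresql/14/bin/postgres", 35.2),
    Proc(700, "helper", "/tmp/helper", 2.0),          # scratch dir, but idle: not reported
    Proc(4711, "sshd", "/tmp/.x/sshd", 98.7),         # legitimate name, wrong location
    Proc(4850, "update-agent", "/dev/shm/update-agent", 99.1),  # unknown name, scratch dir, busy
]


def findings(procs: List[Proc], cpu_threshold: float = 80.0) -> List[Tuple[int, str, str]]:
    """Return (pid, name, reasons) for every process that trips a heuristic.

    A name/path mismatch is reported on its own; execution from a scratch
    directory is reported only together with sustained high CPU, so that
    short-lived helper scripts do not flood the report.
    """
    out: List[Tuple[int, str, str]] = []
    for p in procs:
        reasons: List[str] = []
        expected = EXPECTED_EXE.get(p.name)
        if expected is not None and p.exe != expected:
            reasons.append(f"name '{p.name}' expected at {expected}, running from {p.exe}")
        busy = p.cpu_pct >= cpu_threshold
        if p.exe.startswith(SCRATCH_DIRS) and busy:
            reasons.append(f"CPU {p.cpu_pct}% from scratch directory {p.exe}")
        elif reasons and busy:
            reasons.append(f"sustained CPU {p.cpu_pct}%")   # corroborating signal only
        if reasons:
            out.append((p.pid, p.name, "; ".join(reasons)))
    return out


if __name__ == "__main__":
    for pid, name, why in findings(SNAPSHOT):
        print(f"pid {pid} ({name}): {why}")
```

The name/path comparison is the part worth keeping even if everything else is replaced by a commercial scanner: it is independent of CPU load, so it still catches a miner that throttles itself to stay under performance-monitoring thresholds.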
Honeypots
Honeypot environments, meaning IT resources that are designed to look like real production environments but which actually exist for the purpose of luring in attackers, can help you identify the patterns and techniques that cryptojackers are using to infiltrate your network. If you detect cryptojacking software within a honeypot environment, you can look for similar activity on your production resources to catch cryptojacking there.
Conclusion
On its own, cryptomining is a perfectly legitimate activity. But when cryptomining turns into cryptojacking, businesses can suffer significant harm. To manage this risk, IT security strategies should harden environments against cryptojacking attacks while also monitoring for cryptojacking to detect attacks that slip past defenses.