Tales from the Crypt – Part 2

What devices are targeted for crypto-jacking and how can you protect yourself and your business from the problems and losses associated with crypto-jacking?  Yesterday we learned about crypto-currency, crypto-mining, and crypto-jacking.  Today we will learn how to secure our computers, devices, and networks from this new exploit.

Target devices.  Really, any device with a network connection and a CPU is vulnerable to crypto-jacking, and this includes computers, servers, networking equipment such as routers and cable/DSL modems, smartphones, tablets, and IoT devices such as digital assistants, smart TVs and media devices, printers, video cameras, etc.

Defensive tactics.  Defending against crypto-jacking basically depends on many of the same tactics that you should already have in place to defend against other exploits.  There is nothing magical about this for of hijacking.  It happens with an email, a malicious, attachment, a link to an infected web page, the usual methods.  The goal of the perpetrator is to gain control of your system or device and add the mining software to your system.  Defensive tactics include:

  • Anti-malware software
  • Patching and updating software and operating systems
  • Strong Passwords
  • Two-factor authentication
  • Change default administrative credentials.
  • Application whitelisting.
  • Recognize unusually high system activity.  This can be monitored easily in Task Manager.
  • Use a firewall.

No real surprises here, the only new entry is using Task Manager and Performance Monitor to check on system activity levels.  You can open Performance Monitor from the search box on the start menu in Windows.

This ends our exploration of crypto-currencies, crypto-mining, and crypto-jacking.  I hope the suggestions we provided are useful.  Good luck, and be careful out there!

More information:

 

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.