Tales from the Crypt – Part 2

What devices are targeted for crypto-jacking and how can you protect yourself and your business from the problems and losses associated with crypto-jacking?  Yesterday we learned about crypto-currency, crypto-mining, and crypto-jacking.  Today we will learn how to secure our computers, devices, and networks from this new exploit.

Target devices.  Really, any device with a network connection and a CPU is vulnerable to crypto-jacking, and this includes computers, servers, networking equipment such as routers and cable/DSL modems, smartphones, tablets, and IoT devices such as digital assistants, smart TVs and media devices, printers, video cameras, etc.

Defensive tactics.  Defending against crypto-jacking basically depends on many of the same tactics that you should already have in place to defend against other exploits.  There is nothing magical about this for of hijacking.  It happens with an email, a malicious, attachment, a link to an infected web page, the usual methods.  The goal of the perpetrator is to gain control of your system or device and add the mining software to your system.  Defensive tactics include:

  • Anti-malware software
  • Patching and updating software and operating systems
  • Strong Passwords
  • Two-factor authentication
  • Change default administrative credentials.
  • Application whitelisting.
  • Recognize unusually high system activity.  This can be monitored easily in Task Manager.
  • Use a firewall.

No real surprises here, the only new entry is using Task Manager and Performance Monitor to check on system activity levels.  You can open Performance Monitor from the search box on the start menu in Windows.

This ends our exploration of crypto-currencies, crypto-mining, and crypto-jacking.  I hope the suggestions we provided are useful.  Good luck, and be careful out there!

More information:

 

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.