Tales from the Crypt – Part 2

What devices are targeted for crypto-jacking and how can you protect yourself and your business from the problems and losses associated with crypto-jacking?  Yesterday we learned about crypto-currency, crypto-mining, and crypto-jacking.  Today we will learn how to secure our computers, devices, and networks from this new exploit.

Target devices.  Really, any device with a network connection and a CPU is vulnerable to crypto-jacking, and this includes computers, servers, networking equipment such as routers and cable/DSL modems, smartphones, tablets, and IoT devices such as digital assistants, smart TVs and media devices, printers, video cameras, etc.

Defensive tactics.  Defending against crypto-jacking basically depends on many of the same tactics that you should already have in place to defend against other exploits.  There is nothing magical about this for of hijacking.  It happens with an email, a malicious, attachment, a link to an infected web page, the usual methods.  The goal of the perpetrator is to gain control of your system or device and add the mining software to your system.  Defensive tactics include:

  • Anti-malware software
  • Patching and updating software and operating systems
  • Strong Passwords
  • Two-factor authentication
  • Change default administrative credentials.
  • Application whitelisting.
  • Recognize unusually high system activity.  This can be monitored easily in Task Manager.
  • Use a firewall.

No real surprises here, the only new entry is using Task Manager and Performance Monitor to check on system activity levels.  You can open Performance Monitor from the search box on the start menu in Windows.

This ends our exploration of crypto-currencies, crypto-mining, and crypto-jacking.  I hope the suggestions we provided are useful.  Good luck, and be careful out there!

More information:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.