Explore the current threat landscape affecting technology innovations and the rise of cryptojacking attacks. Learn how cybercriminals exploit cryptojacking for profit and its impact on cloud services, smartphones, and IoT devices. Discover strategies to mitigate the risks and protect your digital assets.
Security Trends and Threats Affecting Innovations in Technology
Andrew Derboben
Sr. Director, Head of Global Security Operations
Meet Andrew
• Over 15 Years of Security Experience
• Specializing in Security Operations, Incident Response, and Computer Forensics
• B.S. System & Network Administration – Bellevue University
• MBA – Cornell University
Current Threat Landscape – Today’s Discussion
Cybercriminal: Attackers intent on making money and often tied to organized crime or other criminal endeavors. These groups are primarily responsible for the current prevalence of ransomware and CRYPTOJACKING.
Cryptojacking Overview
“Cryptojacking is a form of cyber attack in which a hacker hijacks a target's processing power in order to mine cryptocurrency on the hacker's behalf.”
Why Are Attackers Using Cryptojacking?
• Money: This falls in line with many other types of cyber attacks traditionally seen.
• Low Risk of Getting Caught: Businesses are reluctant to pursue attackers because data is NOT taken or destroyed.
Source: Cryptojacking Definition | Investopedia https://www.investopedia.com/terms/c/cryptojacking.asp#ixzz5KUTh4y4M
Traditional Cyber Attacks vs Cryptojacking
• Similarities
  • Several exploitation techniques and vectors of attack (e.g. phishing, malware, exploiting existing app vulnerabilities)
  • Attack payloads may involve installation of software on a compromised system
  • Goal is to make money off the exploit
• Differences
  • Cryptojacking makes it easier for a bad actor to turn an exploit into money. No need to find and sell stolen data. Could mine servers or clients of affected services (Download vs Drive-by)
  • Cryptojacking is safer for bad actors, as some currencies, such as Monero, can provide anonymity
  • Depending on environment and attack, it may be harder to detect cryptojacking without proper controls in place.
Traditional Cyber Attacks vs Cryptojacking (figure panels: Cryptojacking Attacks, Traditional Attacks)
The Good and Bad News
• Good News: Due to cyber incidents trending towards cryptojacking attacks, attackers are less interested in sensitive data, which needs to be found and sold, and are more focused on using your hardware resources. This type of behavior leads to reduced chances of customer data compromise, brand damage control, or expensive legal situations.
• Bad News: Even though cryptojacking attacks may not often result in situations where a company may be fined for data loss, these types of attacks can potentially cost companies as much as or more than a traditional attack.
  • Hardware usage translated to $$ amount (wear and tear)
  • Affect services on compromised hardware
  • Cloud environment: Scalable and charge for usage
Impact to Innovations in Technology
• Cloud Services
• Smartphone Ecosystems
• Internet of Things
• Personal Assistant Devices (Amazon, Google)
Cryptojacking Impact to Cloud Services http://www.eweek.com/security/crypto-mining-malware-rising-fast-hackers-increasingly-targeting-cloud
Cryptojacking Smart Phones https://blog.trendmicro.com/trendlabs-security-intelligence/monero-mining-hiddenminer-android-malware-can-potentially-cause-device-failure/
Cryptojacking Smart Phones http://www.infosecisland.com/blogview/25130-Crypto-Mining-Malware-Attacks-on-iPhones-Up-400-Report.html
Cryptojacking Impact to Smart Phones Thank you for mining Cryptocurrency on my behalf!
Potential Effects of Smartphone Cryptojacking
• 67.3% of U.S. Citizens Have A Smartphone
• In 2018, it is estimated the total number of smartphone users will grow to more than 230 million users in the U.S. alone
• What happens if .5% of U.S. smartphone users were infected with cryptojacking malware: $460k/month USD
Source: www.statista.com
Cryptojacking Internet of Things (IoT) https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-malware-targeting-iot-being-offered-in-the-underground/
Cryptojacking Personal Devices https://www.2-spyware.com/android-crypto-mining-malware-is-targeting-amazon-devices#ref-3!
Why Should You Care?
Symantec Threat Intelligence report stated cryptojacking attacks increased by 8500% in 2017, and according to many sources, it has overtaken Ransomware as the preferred form of cyber attack due to its low barrier of entry and ability to easily turn a profit. With cryptocurrency’s growth in popularity in 2017 and the ability to offer anonymity with some coins, its use in cyber attacks continues to increase.
What Can You Do – Cloud Services
• Patch/Vulnerability Management
  • The code needs to be introduced into the environment some way
  • Monitor for Zero Day vulnerabilities in your environment
• Performance Management and Monitoring
  • Allows detection of abnormal resource usage, which may be indicative of a cryptojacking attack
  • CPU, Memory, New Processes
• Behavior Analysis
  • Monitoring for abnormal behavior or actions on a system such as suspicious downloads, installations, system commands or processes can help detect potential cryptojacking attacks
  • Increase in traffic to particular sites
• Network Segmentation and Security Controls
  • Proper network and security controls can reduce the likelihood of successful exploitation and help limit the number of compromised systems in the event of a successful attack
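The performance-monitoring and behavior-analysis points above can be combined into one check, shown here as an added example that is not part of the original presentation: alert when a host's CPU stays above its own known-good baseline for several consecutive samples, and report any process names not seen in that baseline. Host names, process names, thresholds and all telemetry values are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Sample:
    minute: int
    host: str
    cpu_pct: float
    processes: frozenset

def S(minute, host, cpu, *procs):
    return Sample(minute, host, cpu, frozenset(procs))

# Constructed telemetry: a known-good window, then the window under review.
KNOWN_GOOD = (
    [S(m, "web-01", c, "nginx", "sshd") for m, c in enumerate([22, 25, 28, 24])]
    + [S(m, "db-01", c, "postgres", "sshd") for m, c in enumerate([42, 45, 48, 44])]
)
OBSERVED = (
    [S(10, "web-01", 25, "nginx", "sshd")]
    # web-01: sustained high CPU together with a process absent from the baseline
    + [S(m, "web-01", c, "nginx", "sshd", "sysupd-x")
       for m, c in [(11, 95), (12, 97), (13, 96), (14, 98)]]
    # db-01: a two-minute spike from existing processes, which should not alert
    + [S(m, "db-01", c, "postgres", "sshd") for m, c in [(10, 45), (11, 90), (12, 91), (13, 46)]]
)

def build_baseline(samples):
    """Per-host CPU mean/stdev and process names seen in the known-good window."""
    by_host = {}
    for s in samples:
        by_host.setdefault(s.host, []).append(s)
    return {h: {"mean": mean([r.cpu_pct for r in rows]),
                "std": pstdev([r.cpu_pct for r in rows]),
                "procs": frozenset().union(*(r.processes for r in rows))}
            for h, rows in by_host.items()}

def detect(baseline, samples, sustained=3, sigma=3.0, floor=10.0):
    """Alert once per streak when CPU exceeds the host's limit for `sustained` samples in a row."""
    alerts, streak = [], {}
    for s in sorted(samples, key=lambda x: (x.host, x.minute)):
        b = baseline.get(s.host)
        if b is None:
            continue  # no baseline yet; unknown hosts need separate handling
        limit = b["mean"] + max(sigma * b["std"], floor)
        streak[s.host] = streak.get(s.host, 0) + 1 if s.cpu_pct > limit else 0
        if streak[s.host] == sustained:
            alerts.append({"host": s.host, "minute": s.minute, "cpu_pct": s.cpu_pct,
                           "new_processes": sorted(s.processes - b["procs"])})
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(KNOWN_GOOD), OBSERVED):
        print(alert)
```

The `floor` parameter keeps a very stable baseline (near-zero standard deviation) from producing a limit so tight that normal variation alerts.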
What Can You Do – Smart Phones
• Deploy Whitelisting MDM Solution to Monitor Installed Applications
  • Only allow applications specifically reviewed and evaluated for business purposes
• Perform Website Monitoring/Blocking on Mobile Devices
  • Block access to malicious, unknown, and unauthorized business-related websites
• Implement Mobile Device Threat Detection
  • Have company devices monitored for malicious code/activity
  • Monitor for high CPU usage on mobile devices
What Can You Do – IoT/Personal Assistant Devices
• Network Segmentation and Security Controls
  • Segment IoT devices away from the production network
  • Monitor for increases in network activity from IoT networks
• Whitelist Required Sites/Destinations Only
  • Conduct an assessment of the sites/destinations required to be accessed by the device
  • Only allow the known good/expected sites
  • Third-party skills servers for Alexa should be approved only on an individual basis
• Physically Secure Device If Possible
  • Do not allow non-permitted users to conduct unauthorized actions on the device
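The destination whitelisting and network-activity monitoring described above, sketched as an added example that is not part of the original presentation: flow records from the IoT segment are checked against a per-device-type allowlist, and per-device byte totals are compared with a baseline. Device names, destinations (all under the reserved `.example` domain), baselines and flow records are constructed assumptions.

```python
from collections import defaultdict

# Constructed allowlist: destinations each device type was assessed to need.
ALLOWED = {
    "camera": {"updates.vendor.example", "ntp.corp.example"},
    "assistant": {"voice.vendor.example", "skills.approved.example", "ntp.corp.example"},
}
DEVICE_TYPE = {"cam-01": "camera", "cam-02": "camera", "asst-01": "assistant"}
# Constructed baseline: typical bytes sent per device per hour.
BASELINE_BYTES = {"cam-01": 2_000_000, "cam-02": 2_000_000, "asst-01": 500_000}

# Constructed one-hour flow export from the IoT segment: (device, destination, bytes).
FLOWS = [
    ("cam-01", "updates.vendor.example", 1_500_000),
    ("cam-01", "ntp.corp.example", 2_000),
    ("cam-02", "updates.vendor.example", 1_800_000),
    ("cam-02", "pool.unknown.example", 9_000_000),       # not on the camera allowlist
    ("asst-01", "voice.vendor.example", 400_000),
    ("asst-01", "skills.unreviewed.example", 50_000),    # skill server never approved
]

def review_flows(flows, increase_factor=3.0):
    """Return (flows to destinations off the allowlist, devices sending far above baseline)."""
    off_list, totals = [], defaultdict(int)
    for device, dest, nbytes in flows:
        totals[device] += nbytes
        # Unknown devices get an empty allowlist, so everything they send is flagged.
        allowed = ALLOWED.get(DEVICE_TYPE.get(device), set())
        if dest not in allowed:
            off_list.append((device, dest))
    noisy = sorted(d for d, total in totals.items()
                   if total > increase_factor * BASELINE_BYTES.get(d, 0))
    return off_list, noisy

if __name__ == "__main__":
    off_list, noisy = review_flows(FLOWS)
    print("off-allowlist:", off_list)
    print("above baseline:", noisy)
```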