As the years progress, threats to the safety of our data and critical digital assets change and increase, and are becoming more sophisticated and technical. It seems as though whenever experts believe that they have found a preventive solution to one particular threat, another appears almost instantly. Those who seek to cause trouble have not only stepped up their game in terms of how this is executed, but have also narrowed their focus in terms of purpose.

The Latest Threat

The latest in a long line of malware-inspired acts is cryptojacking – the malware-based, sneaky and unauthorized use of a person’s CPU and computing power for the purposes of mining cryptocurrency, which results in higher energy consumption and performance lag. Ransomware was once the bad guy (executing unauthorized and illegal encryption of data, followed by ransom demands for bitcoins), but cryptomining has surpassed it. Quiet and stealthy, cryptomining involves a similar vector and method to ransom malware – but according to McAfee Labs September 2018 Threats Report, it is silent cryptomining which is the new business  model.

The potential damage that cryptomining malware can cause to an enterprise cannot be underestimated. The unlawful and non-consensual drainage of power presents a significant growth in expense, for power and even for public cloud services may rise significantly, if attackers install cryptomining bots on cloud instances. However, the real risk is that malware already exists silently within many devices, quietly waiting to be activated.

Two Methods

The purpose of cryptojacking, regardless of method, is to mine for cryptocurrency by running complex mathematical problems on the victims’ computers, and gain “earned” rewards. There are two methods of secretly mining cryptocurrencies on users’ computers. One is to trick users into loading cryptomining code onto their computers using phishing-like tactics to install malware, where the victim receives what appears to be a legitimate email that encourages them to click on a link. By clicking the link, the victim unknowingly triggers a code, which embeds the cryptomining script on the computer, and runs in the background, unknown to the victim. The other method is similarly insidious, if not more so. Rather than having existing malware on your computer, cryptojackers inject a script on a webpage or an ad delivered to multiple websites. When the victims visit the website, or the infected ad pops up in their browsers, the script automatically executes. No permanent code is stored, nor any malware installed on the computers of the victims, meaning it is undetectable by file-based security solutions.

A white paper issued by the Cyber Threat Alliance includes the following extremely astute points: “The Illicit Cryptocurrency Mining Threat”:

“illicit mining is a drain on the resources in anyone’s enterprise, increasing the workload and the risk of physical damage on IT infrastructure, causing higher electrical bills, and decreasing the productivity of the business operations that rely on computing power… Illicit cryptocurrency mining is the figurative canary in the coal mine, warning you of much larger problems ahead…”

So Where Does Israeli Innovation Come In?

Since the most popular attack vector of cryptomining malware is phishing, email and messaging security solutions, such as BitDam and IronScales, or content disarm and reconstruction solutions, such as the one offered by Votiro, can block many infection attempts. There are also solutions that raise the awareness of employees to attempted phishing attempts, such as Cymulate.

Since it is nearly always impossible to fully prevent attackers from penetrating a network, it is highly recommended to implement post-infection solutions that detect and remedy malware infections. Both the Endpoint Detection and Response (EDR) and Endpoint Protection Platforms (EPP) families of solutions can be beneficial in this, using advanced threat detection, and investigative and response capabilities based on machine learning. There are many Israeli leading vendors in this domain, including Cybereason, SentinelOne, Check Point’s SandBlast, EnSilo, and Deep Instinct. Additionally, Minerva Labs’ Anti-Evasion Platform helps limit the infection of malware across a network.

Network Traffic Analysis and Monitoring solutions aggregate data from many points inside the network and at the perimeter, and are thereby able to detect cryptomining activity. SecBI’s solution analyzes network data and can reveal cryptojacking activity at the level of the network.

Companies such as ChameleonX and Namogoo, offer client-side security solutions for website owners, and can be very useful in detecting and removing malicious scripts, which help website owners prevent browser-based cryptomining script execution, ensuring that no malicious scripts are running as part of their web pages.

Head on over to Start-Up Nation Finder to find out about more information about these and many other innovative Israeli Cybersecurity companies.

Nir Falevich is the Cybersecurity Sector Lead at Start-Up Nation Central. His aim is to connect business and government leaders with the people and technologies in Israel’s Cybersecurity sector that can solve the most pressing challenges. Prior to his role as a research analyst at Start-Up Nation Central, he was Business Intelligence Developer at Ginger Software, a US and Israel-based ed-tech software company. Prior to that, Nir served in several positions in IDF’s Technology & Intelligence Unit 8200. Nir holds a B.A. in Philosophy, Political Science and Economics (PPE) from the Hebrew University.