For years, attacks on data centers have been fairly easy to spot. But as the popularity of ransomware fades away, there's a new, insidious threat called cryptojacking. Here's what it's all about.
Forget Ransomware, This is the New Threat
For the past few years, ransomware has gotten a lot of news coverage due to attacks like WannaCry or NotPetya. WannaCry almost crippled the British National Health Services (NHS). NotPetya was used by Russia to target Ukraine, but it ended up affecting multinational companies all around the world. These large-scale ransomware attacks have made data center managers aware of the risk factors. Many have responded by creating more robust backups and planned redundancies to prevent such attacks. But now data centers are facing a new threat - cryptojacking. According to a Skybox Security Report, cryptocurrency-related crimes make up about 32 percent of cybersecurity breaches while ransomware accounts for only eight percent of the breaches. However, victims of cryptojacking might not even realize they are being exploited. This new threat is turning into a silent epidemic and data centers are at high risk.
Cryptojacking: A Short Primer
Cryptocurrencies are essentially digital money created on computers. However, if everybody could create them, then they wouldn’t have much value. So, artificial scarcity is created by making cryptocurrencies hard to produce. The process is known as mining. Crypto miners use computing resources to solve complex mathematical problems before they are given the right to produce cryptocurrencies. In return, miners get portions of the cryptocurrencies they create.
The use of computing resources means infrastructure and energy costs. Miners are willing to invest in these resources because the cryptocurrencies they get in return are valuable. However, some miners realized that if they can run the computing on other people’s machines, then all the cryptocurrencies they produce would be pure profit. Thus, the new security threat of cryptojacking was born.
In cryptojacking, the miners use the victims computing resources to run the mathematical computations. The victims might not even realize their computers are being used for cryptocurrency mining.
Cryptojacking attack can come in many forms. It can be a worm, like PhotoMiner. Or it can be a botnet like Bondnet or hidden scripts like Hexmen. There have also been known brute force attempts made by cryptojacking malware. Operation Prowli is a great example of this.
Data Centers Are at Higher Risk
Initially, cryptojackers targeted individuals. If you visited a malicious website, the cryptojacking code would start running on your computer. The applications were simple. However, as more people noticed the slowdowns, the applications became more sophisticated. Worms and malware based cryptojacking tools began to show up. Also, the cryptojackers realized that they can make more money with a large number of servers, making data centers - both cloud and on-premises - prime targets.
For an individual, the effect of cryptojacking can be trivial. They might see a slowdown on their computer. They might not even notice the slight increase in their energy bill. But for data centers with hundreds and thousands of computing resources, the energy cost of a cryptojacking attack can have an enormous impact.
Take Proactive Steps
When a data center is under ransomware attack, the data center staff knows about it instantly. With cryptojacking, the story is different. There are no immediate visible signs. Data centers can be under attack for months or years without realization. The answer is to implement better monitoring processes to make sure you know when a resource is showing abnormal use, which will help avoid large utility bills. Also, data center managers can use better access and grouping policies to make sure they know the resource allocations for the individuals and teams. It will help managers better detect signs of misuse or overuse.
Cryptojacking is Here to Stay
Cryptojacking is a very lucrative cybercrime. It's almost like creating money from thin air. By putting proper safeguards in place, data centers can go a long way toward protecting themselves from this growing threat.