One form of ransomware quickly making a name for itself is cryptojacking. With this type of attack, bad actors work to take over any system with processing power for the purpose of harnessing it to mine for cryptocurrency.
How Does Cryptojacking Work?
Crypto, or coin mining, is a popular activity in which the person doing the mining solves a complex coding problem. In turn, the person receives a financial reward. The process of mining comes with loads of system overhead and is very expensive to conduct.
Cryptojackers take over systems to eliminate these costs and to work around having to build or maintain resources themselves. These attackers use an assortment of proven hacking or ransomware-as-a-service (RaaS) toolkits to obtain access to systems. In doing so, attackers gain access to a large volume of data processing power—power specifically for mining.
Often, these activities are spread out to avoid arousing suspicion. While a compromised party may notice small slowdowns within their system, Cryptojackers work to avoid using too many resources from a particular system source. This keeps their victims in the dark longer, helping malicious parties increase revenue streams.
Corporations Are at Risk
While this type of attack may seem better suited for small companies or individuals, it’s moving more into the enterprise space all the time. Some of the most nefarious cryptojacking efforts have targeted well-known names, including:
- Tesla. Its AWS cloud infrastructure was compromised and used to carry out coin mining activities. No impact was reported on customer data or vehicle information.
- SolarWinds SUNBURST. SolarWinds Orion monitoring system was infiltrated by Cryptojackers using the SUNBURST ransomware code against the Orion software update management service.
- Aviva. This British insurer was also compromised via its AWS presence in which attackers took advantage of Kubernetes administration consoles that were not password protected.
Although the attacks differed in various ways, the key point to remember is that most of them could have been prevented by adhering to security best practices, and from understanding how the ransomware tools are evolving.
Linux Is an Increasingly Popular Attack Vector
Perhaps the most concerning aspect of ransomware is the ability of RaaS developers to create destructive code that’s adaptable to new attack vectors. These developers are investing more time in making ransomware code that can be used across multiple platforms.
One such tool is SysJoker, which can target Apple, Linux, and Windows-based operating systems. Linux-based code is being developed to run on Windows-based devices by using the Windows Subsystem for Linux (WSL) to stage and execute the code.
Although these types of attacks are uncommon, the success of this tool plus the airtight support model used by RaaS providers likely mean more are on the way.
An Ounce of Prevention…
Prevention remains the strongest ally in the fight against ransomware. As attacks expand into areas previously though untouchable by malicious code, administrators and security professionals need to perform the proper due diligence to harden their systems.
