Right now, as you read this, hackers may be targeting your website to illegally tap your processing power to mine digital currency.
This year, we've seen an unprecedented number of cryptomining and cryptojacking attacks. Tesla was a victim of cryptojacking, and a webpage on the Los Angeles Times website was found to be harnessing visitors' machines to mine cryptocurrency, unbeknownst to its owners.
Escalating cryptocurrencies value have encouraged hackers to expand their focus from utilizing malware to steal data and impose ransoms, to employing clever tools and techniques to gain access to the computing power of enterprises to generate cryptocurrency paydays.
Hackers on the Hunt for Cryptomining Power
According to a recent Symantec report, the biggest cybersecurity trend in 2017 was the cryptomining explosion, with detections of coinminers on endpoint computers in 2017 increasing by a staggering 8,500 percent.
Cryptojacking is the unauthorized use of another person's or organization's machine to mine cryptocurrency. Hackers gain access by creating JavaScript code that launches a coinminer, and injecting it into a website or online ad. When a victim browses the site, the script launches a coinminer on the endpoint or network and surreptitiously diverts organizational resources to the cryptojacker's mining operation.
The implications for the enterprise can be severe, yet surprisingly hard to detect. Slower performance and increased latency may not be noticed for quite a while, mistakenly attributed to a variety of causes, and require hours to pinpoint correctly. For companies that utilize cloud-based computing, a sharp spike in CPU usage costs may be the first indication that they've been cryptojacked. And in some cases, hackers leverage cryptomining scripts to lay the groundwork for future malware or ransomware attacks.
Isolating Cryptomining Where It Cannot Persist
Today's defense-in-depth portfolios, featuring anti-virus solutions, firewalls, URL filtering, and secure web gateways, are largely powerless to fight the cryptojacking plague since they cannot reliably detect cryptominer launch code, or stop it from auto-executing within endpoint browsers. An added layer of security is essential to augment defense-based security offerings and serve as the missing link to an impenetrable endpoint protection strategy.
Remote Browser Isolation (RBI) technology differs from most traditional solutions in that it does not aim to distinguish between safe code and malware. Rather, all browsing occurs within remote browsers, in disposable containers located outside of the network in a cloud or DMZ. Websites are rendered by the virtual browser away from the endpoints, and streamed to user device browsers for a native and interactive web browsing experience. At the end of each browsing session or after a preset period of inactivity, the containers, including browsers and all website code, benign or malicious, are destroyed.
Cryptominers can be activated within remote browser containers. However, the harm they can do is severely curtailed. First, each container is allocated only the bare minimum resources required for just one browsing session, and destroyed within minutes. As a result, both the resources available for cryptomining and the duration during which mining can occur are too trivial to impact overall processing power and costs. And of course, because cryptominer code never reaches the endpoint, it cannot penetrate from there onto organizational networks.
Integrating remote browser isolation in existing IT security frameworks enables businesses and other organizations to rest assured that their users and computing resources are protected from cryptojacking, as well as all other fierce and intractable browser-borne malware attacks.
