Protect against cryptojacking
Expel-validated security alerts and guided investigative actions
Cryptojacking … the who, what, and why.
Cybercriminals are always looking for new ways to make money. We often hear about data or systems being held for ransom. But what about cryptojacking? It’s when a threat actor steals your organization’s computing resources and uses them to mine cryptocurrency. The bad news: a miner consumes the CPU (or GPU) of every host it lands on, which can slow your systems and network way down and starve critical processes of the resources they need.
The attack can be pretty straightforward: the miner runs with whatever access the initial foothold provides, so there is usually no need to escalate privileges or move laterally to reach a host holding a secret. As our end-of-year report indicated, 35% of the web application compromise incidents we saw in 2021 resulted in the deployment of cryptocurrency coin miners. It’s a sweet gig for the bad guys, too: after the miner is deployed, they can sit back, relax, and watch the money pile up.
How do they get in? Public application exploitation. Access key compromise. Phishing emails. USB devices. These are just some of the ways. And the list grows every year.
How Expel spots cryptojacking attacks
We alert on process command line arguments, unusual process lineages, and network connections to well-known mining pool domains, as well as attempts to download or run mining utilities, drawing on multiple detection sources such as EDR. We look for behavioral patterns rather than single indicators. Then our bots, Josie™ and Ruxie™, automatically enrich and triage those alerts, surfacing the Expel-validated ones. We notify you of the alerts that matter and automatically remediate the incident (unless you prefer to handle remediation yourself).
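To make the three signal types above concrete, here is an added example (not Expel's detection logic or code) of a small triage routine that scores constructed EDR-style process and network events per host. Every indicator list in it is an assumption made for the example: the miner binary names, command-line patterns, pool domain suffixes, the "stratum ports" treated as a weak signal, and the server/shell process names used for the lineage rule. Real detections would be backed by a maintained indicator feed and tuned against your own fleet.

```python
"""Toy cryptojacking triage over constructed EDR-style events (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# --- Constructed indicator lists: assumptions for this example, not a real feed ---
MINER_BINARIES = {"xmrig", "xmrig.exe", "minerd", "kdevtmpfsi"}
MINER_ARG_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"stratum\+(tcp|ssl)://",   # stratum mining-pool protocol URI
        r"--donate-level",          # xmrig-style dev-fee switch
        r"--coin[= ]monero",
        r"--cpu-max-threads-hint",
        r"--randomx",
    )
]
POOL_DOMAIN_SUFFIXES = ("example-pool.test", "example-miner.test")  # constructed
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}  # assumed pool ports, weak signal only
# Server processes that should rarely spawn an interactive shell (webshell lineage).
SERVER_PARENTS = {"w3wp.exe", "httpd", "apache2", "nginx", "tomcat", "java"}
SHELLS = {"sh", "bash", "dash", "cmd.exe", "powershell.exe"}


@dataclass
class ProcessEvent:
    host: str
    pid: int
    image: str
    cmdline: str
    parent_image: str
    grandparent_image: str = ""


@dataclass
class NetworkEvent:
    host: str
    pid: int
    dest: str
    dest_port: int


def process_findings(ev):
    """Return (rule_name, weight) hits for one process event."""
    hits = []
    image, parent, gparent = ev.image.lower(), ev.parent_image.lower(), ev.grandparent_image.lower()
    if image in MINER_BINARIES:
        hits.append(("known_miner_binary", 3))
    if any(p.search(ev.cmdline) for p in MINER_ARG_PATTERNS):
        hits.append(("miner_cmdline", 3))
    # Lineage: server -> shell, or server -> shell -> child (typical webshell chain).
    if parent in SERVER_PARENTS and image in SHELLS:
        hits.append(("server_spawned_shell", 2))
    if gparent in SERVER_PARENTS and parent in SHELLS:
        hits.append(("server_shell_child", 2))
    return hits


def network_findings(ev):
    """Return (rule_name, weight) hits for one network connection event."""
    hits = []
    dest = ev.dest.lower()
    if any(dest == s or dest.endswith("." + s) for s in POOL_DOMAIN_SUFFIXES):
        hits.append(("pool_domain", 3))
    if ev.dest_port in STRATUM_PORTS:
        hits.append(("stratum_port", 1))
    return hits


def triage(process_events, network_events):
    """Group hits per host and derive a severity from the summed rule weights."""
    per_host = defaultdict(list)
    for ev in process_events:
        per_host[ev.host].extend(process_findings(ev))
    for ev in network_events:
        per_host[ev.host].extend(network_findings(ev))
    result = {}
    for host, hits in per_host.items():
        if not hits:
            continue  # hosts with no hits never surface as alerts
        score = sum(w for _, w in hits)
        severity = "high" if score >= 5 else "medium" if score >= 3 else "low"
        result[host] = {"severity": severity, "score": score, "rules": sorted({r for r, _ in hits})}
    return result


def run_sample():
    """Constructed sample: one compromised web server, one benign dev box, one weak signal."""
    procs = [
        ProcessEvent("web01", 1101, "cmd.exe", r"cmd.exe /c start C:\Users\Public\xmrig.exe", "w3wp.exe", "services.exe"),
        ProcessEvent("web01", 1102, "xmrig.exe",
                     "xmrig.exe -o stratum+tcp://xmr.example-pool.test:3333 -u 4WALLET --donate-level 1",
                     "cmd.exe", "w3wp.exe"),
        ProcessEvent("dev02", 2201, "python3", "python3 train.py --epochs 5", "bash", "sshd"),
    ]
    nets = [
        NetworkEvent("web01", 1102, "xmr.example-pool.test", 3333),
        NetworkEvent("dev02", 2201, "github.com", 443),
        NetworkEvent("build03", 3301, "10.0.0.5", 4444),  # port-only hit: low severity
    ]
    return triage(procs, nets)


if __name__ == "__main__":
    for host, verdict in run_sample().items():
        print(host, verdict)
```

The scoring is deliberately additive: a single weak signal (a connection to a port pools happen to use) only produces a low-severity finding, while the webshell lineage plus a miner command line plus a pool connection on the same host stacks up to a high-severity alert. That mirrors the "behavioral patterns" point: no single rule here is reliable on its own, and the port-only host is exactly the kind of lead a triage bot should enrich before anyone is paged.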
Recently, the top malware families our SOC detected were Monero coin miners, SolarMarker, Emotet, and AsyncRAT.
Results, not more alerts to handle.
Identify and remediate compromised accounts and access, unusual behavior and more.
Fortunately, attacker entry points for cryptojacking overlap with those for other threat types like ransomware, so focused efforts to reduce your cryptojacking attack surface can help protect against multiple problems.
With cryptojacking on the rise, we walk through why we’ve found the Palo Alto Networks next-generation firewall is great at detecting it, and some actions we’ve integrated into our detection bot to help.
QUARTERLY THREAT REPORT
This Q1 report delivers intelligence on some of the most active attack vectors our SOC leadership team observed.