
6 Ways to Prevent Crypto Mining and Other Cyber Attacks

Cyberattacks, especially crypto mining, are increasingly appearing in the news. While hackers are figuring out ways to steal hundreds of millions of dollars worth of cryptocurrency, these attacks also reemphasize that companies are vulnerable to many types of hackers, bad actors, and exploits. The recent Harmony Bridge cryptocurrency theft, in which more than $100 million in crypto was stolen (and some is still being transferred), is the latest of these modern-day bank robberies. And while Harmony’s parent company is offering a $1 million reward for the capture of these thieves, cybersecurity industry leaders and experts are quick to point out that prevention is not only preferable, but possible.

How Cyber Attacks Happen

While the details of the Harmony cyber-attack are not yet clear, we can look at how these attacks commonly unfold and glean some insight into how they can be prevented. One common method is that AWS keys are leaked, for example by being uploaded somewhere public, and then compromised. A Threat Stack video simulation on crypto-mining points out that AWS keys can often be found through a simple search online. Once AWS keys are located and copied, it’s relatively easy for an experienced coder or hacker to use the keys to attack a data center, online bank, crypto firm, or any number of organizations. (Here’s an even more in-depth review of how cloud attacks occur.)
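The leak the paragraph describes usually starts with a key landing in a file that gets committed or pasted. A pre-commit style scanner is the defender's side of that problem. The block below is an added example, not Threat Stack's code or tooling: it flags AWS access key IDs and secret access keys in text, prints only redacted hits, and exits non-zero so it can block a commit. The regular expressions are heuristics, and the sample file uses the placeholder credentials from AWS's own documentation, not live keys.

```python
"""Pre-commit style scanner for AWS credentials in text (added example)."""
import re
import sys
from typing import List, NamedTuple

# Long-lived (AKIA) and temporary (ASIA) access key IDs share one shape:
# a 4-letter prefix followed by 16 upper-case alphanumerics.
ACCESS_KEY_ID_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")

# Secret keys have no fixed prefix, so only match a 40-character base64-like
# token when it is assigned to a variable whose name says "secret access key".
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


class Finding(NamedTuple):
    line_no: int
    kind: str
    redacted: str  # first and last 4 characters only; the full value is never emitted


def _redact(value: str) -> str:
    return f"{value[:4]}...{value[-4:]}"


def scan_text(text: str) -> List[Finding]:
    """Return one Finding per credential-looking token, in line order."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            findings.append(Finding(line_no, "access_key_id", _redact(m.group(0))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "secret_access_key", _redact(m.group(1))))
    return findings


def scan_file(path: str) -> List[Finding]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


# Constructed sample: an env file a developer is about to commit. The values are
# the placeholder credentials from AWS's documentation examples, not live keys.
SAMPLE_ENV = """\
# deploy.env
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DB_HOST=db.internal
"""

if __name__ == "__main__":
    paths = sys.argv[1:]
    results = scan_file(paths[0]) if paths else scan_text(SAMPLE_ENV)
    for f in results:
        print(f"line {f.line_no}: {f.kind} {f.redacted}")
    # A non-zero exit blocks the commit when this runs as a pre-commit hook.
    sys.exit(1 if results else 0)
```

Run it with a path to scan that file, or with no arguments to scan the embedded sample. Treat every hit as "needs review" rather than proof of a live key, and keep the redaction: a scanner that prints the full value into CI logs just moves the leak somewhere else.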

Crypto-Mining and Cyber-Attack Prevention: 6 Suggestions

Besides the crypto-mining / cyberattack video simulation, Threat Stack has seen similar types of attacks occur with our customers, and we can offer specific tips to prevent these in the future. Following the idea that attack “prevention is better than the cure,” here are six practices we suggest organizations follow to keep their data and assets safe from cyber attacks.

  1. Install software updates and patches
  2. SecOps best practice: Integrate security into each development lifecycle step
  3. Configure Cloud environments and containers properly
  4. Assign and time-limit hard-to-crack passwords to admin consoles (Zero Trust)
  5. Leverage the community: Everybody hurts
  6. Continuously monitor cloud environments and react quickly

Let’s look at each of these vital steps in practical terms. (A video summary starts at about the 17:20 minute mark of this webinar.)

  1. Install software updates and patches

     Perhaps this is stating the obvious, but it is vital that your DevSecOps teams stay on top of installing the latest software updates and patches. And don’t forget: it’s important to remember and target ALL software inside an actual image. It’s also important that security teams pull out unneeded software (yes, chances are that there is stuff in the image that you actually don’t need). This includes the smaller packages and all of the items which are not super-critical. Why? One advantage of pulling out this type of software is that the potential attack surface is decreased. We also see that companies which do this often see CapEx and OpEx savings, as resources don’t need to run those unneeded programs. In other words, organizations don’t need the resources to run some of these bloated images.

  2. Adopt a SecOps best practice: Integrate security into each development lifecycle step

     It is vital for your cyber-security-focused organization that you make certain security is woven into the DevOps process, even as you’re writing code and especially as you’re pushing code. By making security part of the DevOps process from the beginning, organizations won’t slow anything down, but will keep moving “at the speed of business” by making security an actual part of the DevOps cycle.

  3. Configure your cloud environments and containers properly

     What organizations really want to focus on is not so much the host. Instead, you should really focus on the compromised account. The amount of actual damage that happens typically comes from a compromised account. First, nowadays it’s important to adopt a zero-trust policy, making certain your entire organization is aware of it and follows it. Ensure the framework, the security foundation of the house, is properly set up. Then your DevSecOps team can rest assured that everything around the perimeter is really locked down. When that is done, your security teams can focus on the individual host. As we showed in the cybersecurity breach video example, the ultimate failures in cybersecurity attacks often come down to people and processes, not tech.

  4. Create difficult-to-crack passwords and zero-trust processes

     It is important that team leads, DevSecOps group managers, and others create passwords that are difficult to crack. In addition, your organization should set up standard processes with cybersecurity and zero trust in mind. For example, in setting up projects, it is important to make certain contractors and co-workers have keys that are set to expire. Quite often, these keys get shared out (as part of the job process), and people forget about them. Then the project ends, the contractors leave, and those keys get posted and become public knowledge, just as in the video example.

  5. Leverage the cybersecurity and technology community

     DevSecOps and security managers should remember: you are not alone. The reality is, if you’re doing anything in the cloud, if you’ve got any data inside the cloud, you’re a target. As the video shows, spinning up servers programmatically is fairly easy. If a malicious or bad actor knows how to cover their tracks, it could be weeks, or possibly months, before you would even know that some of these things have been spun up. (Threat Stack’s Security Operations Center, or SOC, can help discover those attacks much earlier.) Once an attack like that happens, you have incurred costs, basically paying for someone to crypto-mine inside your environment. If the object is to steal cryptocurrency, then you have a situation such as what happened with the Harmony crypto-heist or the Ronin / Axie Infinity / Lazarus crypto cyber-theft last spring. It is paramount that you’re able to stay on top of what’s going on, and then share out to the community what’s happening. After that, you need to share best practices (such as we are doing with this blog and video). Remember, at the end of the day, just as you’re not alone with your data, you’re not alone in trying to prevent bad actors from trying to steal it.

  6. Continuously monitor your cloud environments

     Make certain you have true visibility into your cloud environments. In terms of any type of tech you might be running, make certain that all the data coming out of the tech is viewable, in context, and becomes specifically actionable. It’s important that analysis, models, detection, and prediction activities are focused where they should be, and that you’re monitoring both the perimeter and the environment itself. Threat Stack Oversight – our 24/7/365 SOC team – is recognized as an industry-leading cloud-native cybersecurity monitoring service. Oversight’s findings detail specific attacks, and the team supports our customers in preventing similar incidents from happening in their environments.
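Step 4's point about contractor keys that outlive the project can be enforced rather than remembered. The block below is an added example, not Threat Stack tooling: it audits IAM access keys by age and deactivates the stale ones. It works on records shaped like the AccessKeyMetadata entries that boto3's `iam.list_access_keys()` returns, so the same functions can be fed live data; the records, key IDs, reference time and the 90-day limit are all constructed or assumed values.

```python
"""Audit IAM access keys by age so shared or contractor keys expire (added example)."""
from datetime import datetime, timezone
from typing import Dict, List, Tuple

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy; adjust to your own standard

# Constructed sample: three users' keys. Key IDs are made-up placeholders.
SAMPLE_KEYS = [
    {"UserName": "contractor-a", "AccessKeyId": "AKIAEXAMPLEKEY000001",
     "Status": "Active", "CreateDate": datetime(2022, 1, 10, tzinfo=timezone.utc)},
    {"UserName": "ci-deploy", "AccessKeyId": "AKIAEXAMPLEKEY000002",
     "Status": "Active", "CreateDate": datetime(2022, 6, 1, tzinfo=timezone.utc)},
    {"UserName": "contractor-b", "AccessKeyId": "AKIAEXAMPLEKEY000003",
     "Status": "Inactive", "CreateDate": datetime(2021, 11, 5, tzinfo=timezone.utc)},
]
# Fixed reference time so the example is reproducible; use datetime.now(timezone.utc) live.
NOW = datetime(2022, 7, 1, tzinfo=timezone.utc)


def key_age_days(key: dict, now: datetime) -> int:
    return (now - key["CreateDate"]).days


def audit_keys(keys: List[dict], now: datetime,
               max_age_days: int = MAX_KEY_AGE_DAYS) -> Dict[str, List[str]]:
    """Bucket keys into 'rotate' (active and past the age limit), 'ok' and 'inactive'."""
    report: Dict[str, List[str]] = {"rotate": [], "ok": [], "inactive": []}
    for key in keys:
        if key["Status"] != "Active":
            report["inactive"].append(key["AccessKeyId"])
        elif key_age_days(key, now) > max_age_days:
            report["rotate"].append(key["AccessKeyId"])
        else:
            report["ok"].append(key["AccessKeyId"])
    return report


def deactivate_stale(keys: List[dict], now: datetime, iam_client=None,
                     max_age_days: int = MAX_KEY_AGE_DAYS) -> List[Tuple[str, str]]:
    """Deactivate (not delete) every key flagged for rotation.

    With iam_client=None this is a dry run that only returns the planned actions.
    Pass boto3.client("iam") to enforce. Deactivating instead of deleting lets a
    legitimate owner ask for the key back rather than losing it outright.
    """
    stale = set(audit_keys(keys, now, max_age_days)["rotate"])
    actions: List[Tuple[str, str]] = []
    for key in keys:
        if key["AccessKeyId"] in stale:
            if iam_client is not None:
                iam_client.update_access_key(UserName=key["UserName"],
                                             AccessKeyId=key["AccessKeyId"],
                                             Status="Inactive")
            actions.append((key["UserName"], key["AccessKeyId"]))
    return actions


if __name__ == "__main__":
    # Against a real account, build the list per user with
    #   boto3.client("iam").list_access_keys(UserName=user)["AccessKeyMetadata"]
    print(audit_keys(SAMPLE_KEYS, NOW))
    print("would deactivate:", deactivate_stale(SAMPLE_KEYS, NOW))
```

Run on a schedule, this turns "keys that are set to expire" from a promise into a control: the contractor key created in January is flagged and deactivated at the 90-day mark whether or not anyone remembered it was shared.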

And remember: getting a cryptominer, such as XMRig, dropped into your environment serves as a “canary” warning of sorts, because (1) it’s relatively innocuous and (2) it alerts you to the fact that you have a security issue. This recent Security Operations Center briefing goes inside an active crypto mining malware campaign, including variants of Shellbot. Another Threat Stack cyber security threat briefing, “Inside a Docker Cryptojacking Exploit,” takes an even more in-depth look at Docker cryptojacking, how it happens, and what you can do to prevent it. To find out more about how your organization can meet or exceed these 6 best practices and improve your cybersecurity profile, contact us.
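Steps 5 and 6 above make the case that servers spun up with a leaked key can sit unnoticed for weeks unless someone is watching the control plane. The block below is an added example, not Threat Stack's Oversight or SOC tooling: it runs two simple rules over CloudTrail-style events, RunInstances outside the regions the organization deploys to, and a burst of RunInstances calls from a single access key. The events are constructed and use a flattened subset of CloudTrail's fields (the key ID normally sits under userIdentity); the approved-region set and the burst thresholds are assumed policy values.

```python
"""Detect instance spin-up patterns that a leaked AWS key makes possible (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

APPROVED_REGIONS = {"us-east-1", "eu-west-1"}  # assumed: where this org deploys
BURST_THRESHOLD = 5                            # this many RunInstances calls ...
BURST_WINDOW = timedelta(minutes=10)           # ... within this window trips an alert

# Constructed events. One benign launch by the CI key, then a contractor key
# (the one that should have expired) launching six instances in a region the
# organization never uses. DescribeInstances is included to show it is ignored.
SAMPLE_EVENTS = [
    {"eventTime": "2022-06-24T02:00:00Z", "eventName": "RunInstances",
     "awsRegion": "us-east-1", "accessKeyId": "AKIAEXAMPLEKEY000002"},
    {"eventTime": "2022-06-24T03:09:40Z", "eventName": "DescribeInstances",
     "awsRegion": "ap-southeast-1", "accessKeyId": "AKIAEXAMPLEKEY000001"},
] + [
    {"eventTime": f"2022-06-24T03:{10 + i // 2:02d}:{30 * (i % 2):02d}Z",
     "eventName": "RunInstances", "awsRegion": "ap-southeast-1",
     "accessKeyId": "AKIAEXAMPLEKEY000001"}
    for i in range(6)
]

Alert = Tuple[str, str, str]  # (rule, access key id, detail)


def parse_time(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect(events: List[dict], approved_regions=APPROVED_REGIONS,
           threshold: int = BURST_THRESHOLD, window: timedelta = BURST_WINDOW) -> List[Alert]:
    """Return alerts for unapproved-region launches and per-key launch bursts."""
    alerts: List[Alert] = []
    launches: Dict[str, List[datetime]] = defaultdict(list)
    seen_region = set()  # one region alert per (key, region), not per event

    for ev in events:
        if ev["eventName"] != "RunInstances":
            continue
        key, region = ev["accessKeyId"], ev["awsRegion"]
        if region not in approved_regions and (key, region) not in seen_region:
            seen_region.add((key, region))
            alerts.append(("unapproved_region", key, region))
        launches[key].append(parse_time(ev["eventTime"]))

    # Sliding window: from each launch, count launches within `window` after it.
    for key, times in launches.items():
        times.sort()
        for i, start in enumerate(times):
            in_window = sum(1 for t in times[i:] if t - start <= window)
            if in_window >= threshold:
                minutes = int(window.total_seconds() // 60)
                alerts.append(("launch_burst", key,
                               f"{in_window} RunInstances within {minutes} min"))
                break  # one burst alert per key is enough to page on
    return alerts


if __name__ == "__main__":
    for rule, key, detail in detect(SAMPLE_EVENTS):
        print(f"{rule}: key {key[:4]}...{key[-4:]} {detail}")
```

Either rule on its own is noisy in some environments (a legitimate autoscaling event is also a burst), which is why the detail string carries the key ID: the triage question is whether that key should be launching anything at all, and a key the audit in step 4 already flagged for rotation answers itself.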