Beware of ‘Cryptojackers’ infiltrating consumer devices to mine virtual currencies

Monday, 22 October 2018 00:00 -     - {{hitsCtrl.values.hits}}

  • Fortinet cautions users in Sri Lanka to fortify cyber security for computers, media devices and internet-enabled appliances at home

Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, has issued a security alert that cybercriminals are now targeting media devices and unsecured IoT devices for cryptomining as many of them use powerful GPUs to decode and transcode content in high-resolution formats. Media devices are especially attractive targets due to their use of powerful GPUs combined with lax home security. And because they tend to always be powered on, there is a lot of downtime that can be exploited without detection.

Cryptojacking is a new technique where cybercriminals sneak malware into computers and other media devices, and then hijack the computer’s processing power to perform crypto-mining. The number of reported cases is rising and cybersecurity experts are warning individuals and businesses about the danger.

“Cryptojacking has become a growing concern. Cybercriminals aren’t satisfied with the available supply of vulnerable servers and PCs to hijack in order to mine their favourite cryptocurrency. So, they have added another rich source of computational horsepower to their arsenal—IoT devices,” said David Maciejak, Director of Security Research, Fortinet.

Due to the explosion in Internet of Things (IoT), which is projected to connect up to 20.4 billion devices globally by 2020, more and more electronic devices in homes are being connected to a network or Internet. 

According to Fortinet’s FortiGuard Labs, Hide ‘N Seek (HNS) could be the first in-the-wild malware to actively target vulnerabilities in home automation solutions. HNS is an IoT botnet which targets routers, IP cameras, DVRs, as well as cross-platform database solutions and smart home devices.

“As our work and social networks expands and the potential threat footprint in our homes continues to grow, it is critical that we take a fresh look at how we could protect from growing number of networks we interact with. With the prevalence of BYOD (Bring Your Own Device), work devices brought home are also subject to greater risk of cyber-attacks,” said Maciejak.

Fortinet recommends three cybersecurity strategies to protect your home networks from cybercriminals:

1. Learn and discover your home network

With the increasing number of portable IoT and other devices being installed or used by family members and friends visiting your home, it may be difficult to know exactly what is on your home network at any given time. Even harder is controlling what they are allowed to do.

There are a number of security tools on the market today designed for the home that can identify devices looking to connect to the Internet through your Wi-Fi network. Many of them can be easily configured to provide them with access to your guest network, while restricting and monitoring the kind of traffic they are generating, the applications and home resources they are able to access, the amount of time they can be connected online, and the places on the Internet they are allowed to connect to.

2. Implement a segmented network 

Ensure that visitors and unauthorised devices are connected to a guest network while critical resources such as financial data, should be isolated from the rest of the network. 

  • Buy separate wireless access points to separate things like gaming systems and IoT devices from your PCs and laptops.
  • Set up a wireless guest network for visitors or new devices. Most access points allow you to restrict access, set up things like firewalls, and monitor guest behaviour.
  • To protect your critical resources, consider purchasing a separate dedicated device that is only used for things like online banking. You could also set up a separate virtual device on your laptop or PC for banking online.
  • As much as possible, keep your work and personal devices separated. Set up a separate connection for work, only connect through a VPN tunnel, and consider encrypting sensitive data traveling back and forth between your home and corporate networks.

3. Protect all critical devices and perform regular updates

Keep a list of all the devices and critical applications on your network, including the manufacturer. Set up a weekly routine to check for updates for physical and virtual devices, operating systems, applications, and browsers.

  • Get antivirus and anti-malware software, keep it updated, and run it regularly. Remember that no software is 100% effective, so set up a regular schedule, say once a month, where you use a second or third security solution to scan your device or network.
  • Get a firewall. Most home security packages include a firewall option. Turn it on. Even the default settings are better than doing nothing.
  • Use good password hygiene. Change your passwords every three to six months. Use an encrypted password locker to store passwords. Use different passwords for different kinds of things. Don’t mix your personal and work passwords.

COMMENTS