How to Prevent Cryptojacking in Universities?
Malefactors are constantly inventing new attack techniques, and cryptojacking is one of them. No one can say for sure how much cryptocurrency has already been mined illegally. But there’s no doubt the popularity of the practice keeps growing. Wonder how to prevent cryptojacking?
Cryptojacking attack at the Canadian university
The Canadian St. Francis Xavier University in Nova Scotia became a target of cryptocurrency miners. The criminals spread malware thus forcing the educational institution to shut down its computer network for almost a week. This is cryptojacking, a method that malefactors use choosing crypto technology as a major tool in their criminal activity.
The first traces of the hackers’ activity date back to Nov. 1 in 2018, when the university’s network was targeted. Experts discovered attempts of unauthorized mining of an unidentified cryptocurrency. Immediately after that, the university shut down its entire network in order to paralyze any further actions of attackers that could potentially affect the online course system, cloud storage, email services, debit transactions, and Wi-Fi. The university stated that there was no evidence that criminals had stolen any sensitive data.
On Thursday, ITS, in consultation with security specialists, purposefully disabled all network systems in response to what we learned to be an automated attack on our systems known as ‘cryptocoin mining.’ The malicious software attempted to utilize StFX’s collective computing power in order to create or discover bitcoin for monetary gain.
The university’s statement published on Nov. 4.
Cryptojacking is a technique that seems to gain great popularity. Educational institutions fall into attackers’ criteria to become future victims along with other organizations. Before we talk about the ways how to prevent cryptojacking, let’s see how these techniques work in practice.
One of the main peculiarities of cryptojacking malware is the fact that the scripts do not damage computer systems or data by stealing CPU processing resources. Slower computer performance will not strike a common user as suspicious and may just expose to annoyance. When trying to solve the performance issue, large organizations may spend a lot of money tracking down performance issues and replacing components or systems before they find out the real cause. This means that detecting cryptojacking attempts might be really difficult.
How to prevent cryptojacking in universities? What can be done in order to lower any risks of falling a victim of cryptojackers? Just like in case with ransomware, anyone can become a victim of cryptojacking in universities despite the best efforts to avoid it. Schools and universities are no exception. While there is always a place for chances of being attacked, the following methods can reduce this possibility.
How to prevent cryptojacking
- Install an ad-blocking or anti-cryptomining extension on the web browsers. Cryptojacking scripts are often delivered through web ads and installing an ad blocker can help a lot. What is more, several ad blockers, such as Ad Blocker Plus, are able to detect crypto mining scripts. No Coin and MinerBlock extensions can block cryptomining scripts.
- Update your web filtering tools regularly. In case you identify a web page that is spreading cryptojacking scripts, make sure all your users are blocked from accessing it.
- Apply endpoint protection that is designed for detecting known cryptominers. The majority of the endpoint protection and antivirus software developers have added crypto miner detection to their software. This way there is a good chance cryptojacking code will be detected. However, cryptominers are constantly inventing new techniques to avoid detection at the endpoint.
- Additionally it is recommended to incorporate the cryptojacking threat into the security awareness training and pay attention to phishing-type attempts to load scripts onto victims’ computers. This may help is case technical solutions fail.
While these pieces of advice can help your organization reduce the cyber risks, they do not guarantee the complete safety as attackers are always coming up with new hacking (and in this case cryptojacking) ideas. Still, never neglect any security recommendations as they might be the ones that will save your system from being attacked one day.