Internetwork Engineering Blog

Stand Under Our Cisco Umbrella (Ella, Ella, Eh, Eh)

Written by Derrick Whisel | August 29, 2019

School routines are back in full swing, and I couldn’t help but draw similarities between how we protect the young ones we send off to school and the corporate assets and data leaving our companies.


When we send our children off to school, to their friend's house, or to after-school activities, there are places they’re allowed to go and places they’re not allowed to go. Often, we learn some of these places are not good places. We make these judgements based on reputation, known past incidents, and information shared within our communities. Similarly, when our company's IT users, servers, and services need to access or provide access to either the internet or users outside the company's environment, we need to take into consideration their reputation, past incidents, and information shared throughout the threat intelligence communities to determine whether access should be given or denied.


Unfortunately, cybercrime is on the rise, and it can make these judgement calls time-consuming and difficult. Business detections of ransomware increased a mind-blowing 365% from Q2 2018 to Q2 2019, and crypto-mining and crypto-jacking are becoming terms that many people outside IT professions are familiar with. If you’re one of the fortunate ones (or unfortunate, depending on how you look at it) who doesn't yet know what these terms mean or the damage they do, let's take a moment to understand them so we can be proactive in preventing them.

RANSOMWARE

Ransomware is malicious software (malware) that, if executed on your laptop, desktop, or company servers, can encrypt all the data on that machine. The data becomes accessible again only after you pay the owner of the malware the ransom, usually in bitcoin or another cryptocurrency. If you don't know how to pay by these methods or don't own any cryptocurrency, the software will conveniently provide you with the step-by-step process.

If one of our loved ones were held for ransom, we’d do everything within our power to get them back safely. We would receive contact from the criminal and follow all procedures and guidelines for making ransom payments. In both cases, we’d want to make the payment and be done with it. However, a problem would still exist: how would we know that everything is back to normal? And if we paid once, what would stop the criminal from demanding payment again? You wouldn't know, and you could end up paying again. This is why authorities and/or professionals should always be involved.

What if you discovered that someone was bullying your kid or someone else's kid by stealing their lunch money? The bully would want to go undetected to milk the lunch-money resource for as long as possible. However, the sooner we detect the problem, the sooner we can stop it. Similarly, our corporate and personal IT devices can be involved in some undetected bullying and robbery of IT resources.

CRYPTO-MINING & CRYPTO-JACKING

What are crypto-mining and crypto-jacking, and why should we and our company's InfoSec professionals be on the lookout?

First, we need to understand the two main methods in which people can make money with crypto-currencies.

1. Trading crypto-currencies.

Trading crypto-currencies is like trading stocks: buying low and selling high.

2. Crypto-mining: Crypto-currency trading transactions

Many devices all over the internet participate in crypto-currency trading transactions. If your devices, or your company’s or school’s devices (high-speed laptops, desktops, or servers), participate in a transaction, they earn a fraction of a percent of that transaction, directed to a crypto-currency account of your choosing, as do all the other devices involved. This is a very high-level explanation of what crypto-mining is, but in short it is profiting from a small percentage of each transaction.


Where does crypto-jacking come in? From a cybercriminal’s point of view, they create or purchase malware on the dark web that runs undetected on a company’s assets, such as laptops, desktops, and servers. Unlike ransomware, which is a lump-sum payment, crypto-jacking malware runs continuously, crypto-mining on the infected devices. It participates in transactions, and the small fractions of money earned are sent to the criminal's separate crypto-currency account.


As so eloquently explained by Peter Gibbons in Office Space, "So we simplified the whole thing, we rounded them all down, drop the remainder into an account we opened. […] It's very complicated. It's uh it's aggregate, so I'm talking about fractions of a penny here."


This may seem harmless while it remains undetected, but consider the damage it can cause. Your IT asset’s CPU utilization spikes above 80%, which slows and degrades service, increases your monthly IT circuit costs, and decreases your speed and throughput. That is when you start to understand that crypto-jacking can secretly rob far more resources than a one-time ransomware payment, and business is booming for cybercriminals as long as they remain undetected.

PROACTIVE CYBERSECURITY SOLUTION

Parents manage the safety and protection of their children by providing them with rules and policies about permissible and prohibited places, and they can detect bullying when something is wrong. IT professionals use similar capabilities to safeguard assets and protected information.


With DNS security in place through Cisco Umbrella, we create and set policies that allow specific traffic, applications, and users to access specific areas. If we know an area is associated with ransomware, crypto-mining, malware, or other bad areas of the web and dark web, we can block it. If it's unknown, we can research it, and if we find something, or someone else in the threat intelligence community finds something, we all benefit through crowdsourcing.
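As an added illustration (not Cisco Umbrella's own code or API), here is the DNS-layer policy logic described above, combined with the CPU-spike signal from the crypto-jacking section, applied to a few constructed DNS query log lines. The reputation feed, domains, host names, and CPU figures are all made up for the example.

```python
"""Toy DNS-layer policy evaluation plus crypto-jacking triage.
Constructed example; not Cisco Umbrella code or its log format."""
from collections import Counter

# Constructed reputation feed: domain -> threat category.
# The .test domains are placeholders, not real indicators.
REPUTATION = {
    "pool.example-miner.test": "cryptomining",
    "payload.example-ransom.test": "ransomware",
    "cdn.example-vendor.test": "benign",
}

# Categories the policy blocks outright; everything else is allowed or reviewed.
BLOCKED_CATEGORIES = {"ransomware", "cryptomining", "malware"}


def evaluate(domain):
    """Return (verdict, category): block known-bad, allow known-good, review unknown."""
    category = REPUTATION.get(domain, "unknown")
    if category in BLOCKED_CATEGORIES:
        return "block", category
    if category == "unknown":
        return "review", category  # research it, or wait for the community to classify it
    return "allow", category


# Constructed DNS query log: "timestamp host queried_domain" per line.
DNS_LOG = """\
2019-08-29T08:00:01 lab-pc-07 pool.example-miner.test
2019-08-29T08:00:02 lab-pc-07 pool.example-miner.test
2019-08-29T08:00:03 hr-laptop-2 cdn.example-vendor.test
2019-08-29T08:00:04 srv-files-1 payload.example-ransom.test
2019-08-29T08:00:05 hr-laptop-2 new.unclassified.test
"""

# Constructed endpoint telemetry: host -> sustained CPU utilization in percent.
CPU_UTIL = {"lab-pc-07": 93, "hr-laptop-2": 12, "srv-files-1": 35}
CPU_THRESHOLD = 80  # the "above 80%" symptom described in the post


def triage(log=DNS_LOG, cpu=CPU_UTIL):
    """Apply the policy to each query; flag hosts whose high CPU coincides with mining lookups."""
    verdicts = []
    mining_lookups = Counter()
    for line in log.splitlines():
        _ts, host, domain = line.split()
        verdict, category = evaluate(domain)
        verdicts.append((host, domain, verdict))
        if category == "cryptomining":
            mining_lookups[host] += 1
    suspects = sorted(h for h in mining_lookups if cpu.get(h, 0) > CPU_THRESHOLD)
    return verdicts, suspects
```

A host that both resolves mining-pool domains and runs hot on CPU is the crypto-jacking pattern worth escalating; the "review" verdicts are the unknowns to research and feed back to the community.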

The more we share through the intelligence community, and the better integrated our security controls are, the more effectively we can detect and quickly contain ransomware and crypto-jacking when they happen.


Are you ready to get started with a proactive cybersecurity approach that delivers security anywhere, any way? Reach out to our Security Team. They’re ready to help you protect your people and assets through the right combination of people, process, and technology.