Attackers Still Use Drupalgeddon2 Vulnerabilities for Cryptojacking
A vulnerability in Drupal’s content management system was found weeks ago, but as with many patches, site owners either don’t know that they need to patch their software or dismiss the patch as unnecessary. Unfortunately, this is the crux of a widespread problem: recent days indicate that more attackers are using the Drupalgeddon2 exploit to inject cryptojacking code that silently uses visitors’ computers to mine cryptocurrency.
What is Cryptojacking?
Cryptojacking is a new attack meant to mine digital currency for the attacker. Mining cryptocurrency requires computer resources, and those resources limit the amount of currency a miner can obtain from answering computational questions. When these mathematical equations are answered, the miner earns a cryptocurrency of his choosing. With Drupalgeddon2, miners usually earn Monero, which is a cryptocurrency that promises anonymity in transactions.
Using computer resources costs electricity, and these electricity costs can skyrocket when mining cryptocurrency. Miners can join groups and pool resources, but even these groups have limited resources. Cryptojacking gives miners a way to pool potentially thousands of computers and use their resources to mine cryptocurrency, which could earn an attacker thousands in digital currency.
Why is Cryptojacking Dangerous for Businesses?
On the surface, cryptojacking seems like the least of any IT administrator’s worries. Most exploits are dangerous because the business loses data or because an attack is used to leave backdoors and malicious applications such as ransomware on the network. Cryptojacking is dangerous because of the resources it uses on the computer, which can in turn increase utility bills for the corporation. Usually, it’s not just one computer compromised on the network; it’s dozens or hundreds of users with cryptojacked browsers running mining operations. It can increase your utility expenses by thousands of dollars.
Not only can cryptojacking increase utility bills, but it can also reduce productivity. User computer resources are drained, so the network and the local machine run much more slowly. The sluggishness on the computer reduces overall productivity, so it can take another, indirect toll on your revenue.
Protecting Your Corporation from Insider Threats
Some antivirus applications block cryptojacking, but because the attack is still in its infancy, it isn’t always caught by traditional anti-malware scripts. The best way to defend against these attacks is through user education. Educate users to avoid sites that they are unfamiliar with and not to click links from unreliable sources.
For more ways to protect from internal attackers, visit GateKeeper.