Attackers Still use Drupalgeddon2 Vulnerabilities for Cryptojacking

A vulnerability in Drupal’s content management system was found weeks ago. But as with many patches site owners either don’t know that they need to patch their software or they disregard it as unnecessary.  Unfortunately, this is the crux of a widespread problem in recent days that indicate more attackers are using the Drupalgeddon2 exploit to inject cryptojacking code that silently uses viewer computers to mine cryptocurrency.

What is Cryptojacking?

Cryptojacking is a new attack meant to mine digital currency for the attacker. Mining cryptocurrency requires computer resources. These resources limit the amount of currency a miner can obtain from answering computational questions. The miner earns a crytocurrency. With Drupalgeddon2, miners usually earn Monero. Monero is a popular cryptocurrency that promises anonymity in transactions.

Using computer resources costs electricity, and these electricity costs can skyrocket when mining cryptocurrency. Miners can join groups and pool resources, but even these groups have limited resources. Cryptojacking gives miners a way to pool potentially thousands of computers and using their resources to mine cryptocurrency, which could earn an attacker thousands in digital currency.

The attack vector is usually injected JavaScript on a compromised website. Some sites even host cryptojacking ads unknowingly. There are few signs of cyber security compromise. Users experience extreme sluggishness on their computer and assume it’s crashing. They could close the browser or reboot the computer and the issue disappears until they access the same site again.

Why is Cryptojacking Dangerous for Businesses?

On the surface, cryptojacking seems like the least of any IT administrators worries. Many exploits leave backdoors and malicious applications on the network such as ransomware. This makes them more dangerous. Cryptojacking is dangerous because of the resources used on the computer, which can in turn increase utility bills for the corporation. Dozens or hundreds of users with cryptojacked browsers could be running mining operations. It can increase your utility expenses by thousands of dollars.

Not only can cryptojacking increase utility bills but it can also reduce productivity. User computer resources are drained. So the network and the local machine run much more slowly. The sluggishness on the computer reduces overall productivity, so again it can take another toll on your revenue in an indirect way.

The latest exploit was affecting Drupal websites. They eventually released a patch. But many site owners have not taken the time to patch their sites. One victim of the exploit was Lenovo. When users visited Lenovo’s site, they unknowingly ran cryptojacking code that stole resources and mined digital currency for the attacker. Since Lenovo is a popular site, it’s possible that the attackers were able to get millions of users to run silent JavaScript and mine potentially millions of dollars worth in mining digital currency.

Protecting Your Corporation from Insider Threats

It isn’t always outsiders attacking corporate resources. Attackers can also come from within. Employees can add JavaScript through code injection or other ways to create cryptojacking resources on the network. The result is that you could be running a mining operation without your knowledge. This can mean that the costs of doing business skyrocket.

Some antivirus applications block cryptojacking. Traditional anti-malware scripts don’t always catch the attack soon enough. This is because the attack is still in its infancy. The best way to defend against these attacks is through user education. Educate them to avoid sites that they are unfamiliar with and don’t click links from unreliable sources. Read about other threats from the far side of the world.

For more ways to protect from internal attackers, see how the GateKeeper 2FA token can help. You can use proximity-based authentication to protect access to computers, websites, and desktop applications. It can also be used to protect access to crypto hardware wallets.

Capterra Best Value for Authentication Jun-20
Capterra Ease of Use for Authentication Jun-20

See GateKeeper Enterprise advanced MFA in action.

Take a self-guided tour of how you can evolve from passwords. Then you're really saving time with automation.