BRENDAN MCARAVEY, Country Manager, Citrix South Africa, takes a look at what Cryptojacking jacking is, how it works and how it can be avoided.
Parasites in the digital world don’t kill, encrypt, or ransom the hosts as compared to the parasites in the real world. However, they do siphon off compute resources – preferably undetected. Compute resources are a valuable commodity in the world of crypto-mining. This stealthier malware phenomenon called ‘cryptojacking’ is becoming a popular payload since it’s an effective way to generate revenue with a lower chance of detection. The goal is to run undetected – stealing CPU cycles – essentially becoming a digital parasite.
Crafty adversaries driven by the opportunity of financial gain are weaponising crypto-mining to exploit the digital currency boom. Before we go any further, it is key to understand what ‘crypto-mining’ is? It is an intensive process – consistently running mathematical calculations that keep processors at 100% usage.
Professional miners make a large upfront investment in specialised hardware and infrastructure. Case in point, according to a South African gaming website, since the cryptocurrency boom, it has become extremely hard to get hands on graphics cards. They are mostly out of stock, with no guarantee on when they will be back in stock and sky-high prices are being asked for second-hand cards in local classifieds.
As more miners came online, the difficulty level adjusted so that running multiple graphics processing units (GPUs) became more effective at mining. Next came specialised chipsets or ASICs designed specifically for mining Bitcoin – these are getting smaller and more efficient. To increase the chances of pay-out, multiple miners join pools in which they are compensated based on their contribution of compute resources or hash power.
A tell-tale symptom of your CPU being used by miners is sluggishness, high CPU usage, and the whine of maxed-out RPM on the cooling fans. Cryptojacking is not just limited to laptops and PCs, mobile devices and gadgets are also susceptible, even more so since the mining scripts can run in the background or are more difficult to identify.
As with other attacks, server side cryptojacking can be more complex and more complicated once it spreads. If the attacker gets access to the infrastructure, he or she may provision additional servers – in cloud environments, expect to see new servers with high end specs and cost.
Locally we haven’t as yet witnessed cryptojacking attacks, however, globally an example is WannaMine, where the attackers use ‘live off the land’ technique such as Windows Management Instrumentation (WMI) permanent event subscriptions as a persistence mechanism. It also propagates via the EternalBlue exploit popularised by WannaCry.
It’s fileless nature and use of legitimate system software such as WMI and PowerShell make it difficult, if not impossible, for organisations to block it without some form of next-generation antivirus. Defending against cryptojacking requires a holistic approach and building a security architecture with a secure digital perimeter. The approach must focus on prevention as well as detection. Citrix has partnered with multiple security companies that enhance endpoint, network, server, and cloud protection.
For enterprises, delivering a locked down Secure Browser as a service can help reduce the attack surface by blocking the mining scripts as well as blocking the periodic call-backs to the mining pools – which are the command and control for crypto mining.
A critical component is early detection of CPU spikes above normal range – typically sustained. IT Operations should have defined CPU thresholds and analytics with alerts sent to admins when the CPU usage rises above the threshold. A couple of side notes here are that the alerts should disregard the process names – the digital parasite wants to remain undetected and can be disguised to be a system service or process.
Secondly, more devious adversaries will tune down the CPU leeching to not stand out as dramatically – effectively flying under the radar. Establishing a baseline and identifying aberrations quickly is the goal. Once detected, restoring the server to a golden image makes the process easier – local backdoor accounts, services, other changes can be undone.
Protecting against cryptojacking is very much the same as protecting against other malware – however, we are looking for different symptoms and long-term effects in hardware wear and tear, user performance degradation and loss of scalability. Higher costs in electricity or cloud usage are both more intermediate financial symptoms. Stay vigilant even if there are no demand notes or immediate indicators of compromise.
Queues and cash-only frustrate SA’s commuters
A new study by Visa reveals the success factors for improving travel and creating smarter cities
The use of cash-only payments was
Visa, in collaboration with Stanford University, came up with these findings in one of the largest global studies examining the growing demand for public and private transportation, and the important role digital commerce plays in driving sustainable growth.
According to the UN[i], by 2050, 68
Building on Visa’s experience working with transit operators, automotive companies and technology start-ups, Visa commissioned a global study, “The Future of Transportation: Mobility in the Age of the Megacity” to better understand the challenges commuters face today and in the future. The key findings were combined with a view of existing and near horizon innovations provided by experts at Stanford University, to better understand the technology gaps in addressing their pain points.
The South African Perspective
Payments lie at the heart of every form of
Aside from cash-only payments, another commuter frustration when paying for public transport has been long queues – 67% of Johannesburg commuters and 64% of Cape Town commuters. Over the last few years, a number of mobile-driven taxi-hailing apps have been launched in the South African market to counteract these concerns and commuters are open to the possibilities presented by mobile apps. The Visa study echoed this by showing that 77% of Johannesburg commuters and 76% of Cape Town commuters would be willing to try a consolidated app to make payments for public transport.
Mike Lemberger, SVP, Product Solutions Europe, Visa says: “The future success of our cities is intertwined with – and reliant on – the future of transportation and mobility. Visa and our partners have an important role to play, both in streamlining the payment experience for millions of commuters around the globe, and supporting public transportation authorities in their quest to build sustainable and convenient transportation solutions that improve the lives of the people who use it.”
Herman Donner, PhD and Postdoctoral Researcher from Stanford University co-authored the report and summarised: “When looking across the technology landscape, there already exist many products that could easily address people’s daily frustrations with travel. However, none of these solutions should be developed in isolation. A major challenge therefore lies in first identifying relevant technologies that provide suitable products for the market then managing implementation in conjunction with a broad set of stakeholder including mobility providers, technology companies, infrastructure owners and public transport agencies. From our research, we think that many of these small, incremental changes have the potential to make a significant difference in people’s daily travel, whether it’s to help find parking, get the best price to refuel their car or plan their journey on public transportation.”
Click here for the detailed global findings.
Women take to tech, but more needed
By HAIDI NOSSAIR, Marketing Director META, Dell Technologies
$12 trillion – that is the value in additional global GDP that remains locked behind the gender gap. This is according to the latest Women Matter report from McKinsey, which also reveals startling disparities in the workplace. Even though women make up more than half of the human population, only 37% contribute to GDP on average – and in some countries that proportion is significantly lower.
The reasons for this can be put in three areas. Fewer women – 650 million fewer than men – participate in the global labour force. Women are also more likely to be in part-time employment and thus work fewer hours. Finally, female employees are more common in lower-productivity sectors than in higher-productivity areas. Are women not being offered the opportunity or are they holding themselves back?
Among STEM careers this ratio is particularly dismal: only 24% of engineering professionals are women, and as few as 19% of careers in ICT are filled by women.
What is the cause of this? Studies have found that women pursuing STEM careers are higher in countries with more oppressive policies towards women, because those careers hold the promise for financial freedom and more social autonomy. In contrast, countries with progressive attitudes towards women tend to produce fewer female STEM graduates. Then how can we encourage women from early ages to take the path of STEM education? And how can organizations ensure women have equal opportunity at the hiring stages.
Certainly addressing gender inequality is crucial and must not stop.. Where women are increasingly more part of the workforce, there are often still barriers preventing them from assuming higher management roles. Female entrepreneurs often struggle more to gain investment capital. Corporate cultures are rarely aligned with the pressures of balancing work and family obligations. Decision makers may simply lack exposure to the potential of female candidates. Female pioneers have also argued that women are too risk-averse when compared to men.
Whether these assertions are true is a matter for debate – and that’s exactly why every professional man and woman should be talking about them and identify action to change the status-quo. This is not just about female rights, but about social upliftment: companies with a mixture of male and female leaders perform better across the board and companies in the top-quartile for gender diversity are 21% more likely to outperform on profitability.
The digital economy we live in today represent a golden opportunity for increased women contribution to the workforce as technology breaks the boundaries of location and time for the workplace and where labor intensive jobs may today be performed by data scientists.
For two days in March, top professionals will gather to talk and exchange ideas around creating more roles for women, larger appreciation for female professionals, as well as counter the attitudes among women holding them back from greater career success and autonomy.
If you want to be part of this conversation, join the Women in Tech Africa summit today at the Century City Conference Centre in Cape Town – learn more at https://www.women-in-tech-africa-summit.com/ and use the code DELL20 for a 20% discount.