
If the current threat landscape wasn’t enough to keep you up at night, you can now add cryptojacking attacks to the list. According to NTT’s 2021 Global Threat Intelligence Report, 41% of all malware detected was coin miners. It should come as no surprise that this percentage is so high, or that this kind of malware is trending upward alongside the current surges in bitcoin value. We’ve put together some tips on how you can protect your network from cryptojacking attacks and what to look out for.

Cryptojacking: A Quick Primer

We start with a quick primer on what cryptojacking is. In short, it’s the unauthorized use of someone’s computer to mine cryptocurrency. Cryptojacking on your network could be caused by internal employees or by compromised machines, which are typically infected via phishing, malware or JavaScript. Regardless of how it happens, it can eat up a lot of resources, including:

  • CPU on existing machines
  • Energy
  • VPC cycles
  • Employee time

Cryptojacking is becoming increasingly rampant. One reason is that it doesn’t require a specialized skill set and bad actors can remain anonymous. Additionally, detection capabilities are not yet widely available except with Netography (more on that later). Employees also have extensive knowledge of the infrastructure and an intimate familiarity with when staffing levels are low. Most organizations also do not consistently police cloud usage, and small fluctuations in bills from month to month don’t always raise red flags. The last reason we are seeing this attack vector grow is the lucrative opportunity that mining bitcoin presents.

What To Look For:

As we mentioned above, one way threat actors go unnoticed is by exploiting resources without being detected. It’s wise to keep an eye on your power bill and investigate spikes that may correlate with traffic on your network. Monitoring CPU spikes and VPC metrics is also key to detecting potential signs of abuse. Lastly, as a best practice, patch and update when new updates come along.

How Do You Protect Your Network?

Other than the obvious (give us a call 🙂), a variety of different methods can be utilized. One is blocking the DNS lookups that nodes use to locate seed nodes and join the network. If you are a DNS operator, you can monitor for the DNS queries below. You can block the seed DNS list with a service like OpenDNS/Cisco Umbrella or through your own DDI solutions. NOTE: This does not stop hardcoded seed IP addresses.

        vSeeds.emplace_back(""); // Pieter Wuille, only supports x1, x5, x9, and xd
        vSeeds.emplace_back(""); // Matt Corallo, only supports x9
        vSeeds.emplace_back(""); // Luke Dashjr
        vSeeds.emplace_back(""); // Christian Decker, supports x1 - xf
        vSeeds.emplace_back(""); // Jonas Schnelli, only supports x1, x5, x9, and xd
        vSeeds.emplace_back(""); // Peter Todd, only supports x1, x5, x9, and xd
        vSeeds.emplace_back(""); // Sjors Provoost
        vSeeds.emplace_back(""); // Stephan Oeste
        vSeeds.emplace_back(""); // Jason Maurice

Additionally, deploy an NDR, firewalls and ACLs, and monitor the following common cryptocurrency destination ports (TCP):

Bitcoin: 8333

Litecoin: 9333

Dash: 9999

Dogecoin: 22556

Bitcoin Testnet: 18333

Ethereum: 30303
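
The port monitoring described above can be run over exported flow records. The following Python is an added example, not Netography's detection model or code from the original post: it assumes a six-field CSV flow export, RFC 1918 internal addressing and a hypothetical threshold of three distinct external peers, and it runs on constructed sample flows.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Destination ports (TCP) taken from the list above.
COIN_PORTS = {8333: "Bitcoin", 9333: "Litecoin", 9999: "Dash",
              22556: "Dogecoin", 18333: "Bitcoin Testnet", 30303: "Ethereum"}

# Assumption: internal address space is RFC 1918; adjust to your network.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows (not real traffic): src,dst,proto,sport,dport,bytes
SAMPLE_FLOWS = """\
10.0.4.17,203.0.113.10,tcp,51514,8333,48211
10.0.4.17,203.0.113.44,tcp,51520,8333,39022
10.0.4.17,198.51.100.7,tcp,51533,8333,51877
10.0.9.2,198.51.100.9,tcp,8333,443,1200
10.0.9.3,203.0.113.80,udp,40000,30303,300
10.0.7.5,10.0.7.9,tcp,40100,9999,900
10.0.2.8,192.0.2.55,tcp,49811,30303,2048
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def find_coin_peers(flow_text, min_peers=3):
    """Return {(src, coin): {"peers": n, "bytes": total}} for internal hosts
    reaching at least min_peers distinct external peers on a listed port."""
    peers, volume = defaultdict(set), defaultdict(int)
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 6:
            continue                       # skip blank or malformed records
        src, dst, proto, _sport, dport, nbytes = row
        coin = COIN_PORTS.get(int(dport))  # destination port only, never source
        if proto.lower() != "tcp" or coin is None:
            continue
        if not is_internal(src) or is_internal(dst):
            continue                       # internal -> external traffic only
        peers[(src, coin)].add(dst)
        volume[(src, coin)] += int(nbytes)
    return {k: {"peers": len(v), "bytes": volume[k]}
            for k, v in peers.items() if len(v) >= min_peers}

if __name__ == "__main__":
    for (src, coin), stats in find_coin_peers(SAMPLE_FLOWS).items():
        print(src, coin, stats)
```

Because it keys on destination port and address rather than DNS, this check still fires for nodes that use hardcoded seed IP addresses.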

How Can Netography Help

Netography detects and remediates threats in real time. We’ve recently added threat detection models for cryptojacking as a result of our investigation into our client base. Our clients benefit from our SaaS model: the models are automatically added to their deployments and run in the background. With Netography, it’s easy to stay ahead of advanced threats, gain complete visibility into your environment and effectively block global threats in real time with little effort to deploy. If you’d like to explore how Netography can help your organization, contact us today.