Hit the Road, Jack! Protecting Your Enterprise Against Cryptojacking

FEATURE / 05.02.19 / Alex Willis
Hit the Road, Jack! Protecting Your Enterprise Against Cryptojacking

How secure is your network against cryptojacking? You might want to double-check, because there’s a chance it could be producing lots of money—just not for your organization.

A recent article from TechCrunch cites research that shows a troublesome spike in a malware which leverages exploits stolen from the National Security Agency (NSA) to compromise corporate networks. Dubbed Beapy, this malware allows bad actors to conscript infected computers for cryptocurrency “mining.” This process is known as cryptojacking.

According to the researchers, there have been over 12,000 unique Beapy infections across more than 700 organizations since March alone. The cryptominers usually target enterprises due to their large host of computers, which - when infected - can produce large amounts of cryptocurrency in a fairly short period of time.

Beapy is typically propagated by means of specially-crafted malicious emails. The malware creates a persistent backdoor on the infected computer, and is designed to spread laterally through an enterprise’s network, utilizing the same NSA exploits that facilitated WannaCry’s mayhem back in 2017.

But there’s another, more simplistic way that Beapy is worming its way into enterprise networks: via passwords. Utilizing Mimikatz, an open source tool that can expose user login credentials, Beapy can sniff passwords entered on an infected computer to further gain a foothold in an enterprise’s network. This highlights a worrisome concern for enterprises: a single infected device on an enterprise network is all an attacker needs to launch a major cryptojacking operation.

Beapy is the latest in an increasing number of cryptojacking malware variants targeting enterprises around the world. - and there’s no signs the trend is waning. This sort of file-based cryptojacking is quicker, more efficient and more lucrative than exploiting website vulnerabilities. With more than one million computers vulnerable to attacks, enterprises need to be placing secure, authenticated protection of their systems at the top of their priority list.

With World Password Day shining a light on best practices for password authentication this week, it’s the perfect time for enterprises to take stock and protect their networks. Using the same password for multiple cloud or on-premise systems is dangerous because if one is compromised, a malicious actor has the login credentials for a host of other systems too. BlackBerry Enterprise Identity (EID) removes this burden by offering single sign-on to cloud services so that users don’t have to complete multiple logins or remember numerous passwords, significantly reducing the likelihood that password sniffing malware can compromise credentials.

With BlackBerry EID, enterprises can harness a singular identity to authenticate on business systems - locally or remotely - with the authentication event occurring securely behind the network firewall. This means users don’t have to synchronize their credentials outside of the network, they can simply access systems and services from any device of their choosing.

This ability significantly boosts employee productivity by allowing them to use personal devices in the workplace (BYOD) and at home to access systems they need to be more productive while reducing risks to overall security.

Since EID provides a single authentication service, it’s also easy to lock out a user who no longer should have access to sensitive systems—in fact, they can be automatically removed from the UEM server and be instantly denied the capability to login. Overall, a more secure environment is created when a company’s network credentials are managed by one network security team.

Because of malware like Beapy, we’ve also seen how insecure SMS or email-based two-factor authentication (2FA) can be. This is the technique most cloud systems currently employ as a second failsafe, but it’s an innately hackable setup. BlackBerry 2FA provides simple, high-security user authentication that safeguards all of your enterprise’s critical systems, and it’s a certificate-based direct push so that the data is encrypted while in transit to your phone.

With BlackBerry Intelligent Security, organizations can initiate remediation, remotely locking or wiping a device, or alert security if a prompt is not received or is declined. As passwords become more and more vulnerable with the expanding number of endpoints, secure two-factor authentication is vital for enterprises looking to protect their network from advancing cyberthreats.

BlackBerry 2FA supports unmanaged devices as well as devices managed by third-parties, meaning it can easily map onto almost any device users of your network may choose to use while on the go. Once employees register one or more mobile devices, they can securely access critical systems simply by entering their usual password and clicking ‘OK’ on a registered mobile device . This one-click experience eliminates the frustration that comes with other cumbersome authentication processes and the need for users to remember PINs, carry additional devices, or manually transcribe passwords or authentication codes.

While cryptojacking is one of the more victimless cybercrimes, it can still take a number on your network, slowing down computers and creating device degradation. To combat the rise of cryptojacking malware like Beapy, enterprises need to act fast to secure their endpoint to protect critical networks. There’s no need to reinvent the wheel, though—sometimes it boils down to something as simple as bolstering your password protection.

Alex Willis

About Alex Willis

Alex Willis serves as the Vice President, Global Technical Solutions at BlackBerry.