Actionable Recommendations from Cybersecurity Research Series -- Cryptojacking Injection
Since assuming the role of Senior Editor of the Journal of Organizational Computing and Electronic Commerce in January 2018, I have thoroughly enjoyed managing the development of some excellent cybersecurity research papers. A highly proactive review team of distinguished practitioners and academics has helped with the review process, and I am forever grateful to them. I plan to share, on an ongoing basis, some actionable recommendations (provided by the lead author) from the accepted papers.
Paper Title: Cryptojacking Injection: A Paradigm Shift to Cryptocurrency-based Web-centric Internet Attacks
Authors: Aaron Zimba, University of Science and Technology Beijing; Zhaoshun Wang, University of Science and Technology Beijing; Mwenge Mulenga, Mulungushi University, Zambia.
Accepted for publication in the Journal of Organizational Computing and Electronic Commerce. Forthcoming in 2019.
Actionable Recommendations
- Incorporate cryptojacking in the risk and threat analysis of the overall cybersecurity assessments of the organization.
- Incorporate cryptojacking security awareness in user training, focusing on looking for signs of crypto mining and phishing-type attempts that seek to load crypto mining JavaScript onto endpoint devices.
- In network-based mitigation strategies, network forensics artifacts should be used as IOCs, while unusual computer behavior patterns and observable characteristics should be used as IOCs in host-based mitigation strategies.
- For personal computers such as laptops and mobile tablets, ad blockers and anti-crypto mining extensions or plugins can be used to prevent browser-based crypto mining.
- The CISO can take a proactive role to find crypto mining C2 server IPs and domains, confirm them with reputable security sources, and blacklist them from the production network.
- The CISO can take a proactive lead to enforce security policies that will filter URLs harboring crypto mining JavaScript code (and crypto mining associated files) from the production network.