As Ransomware Declines, Cryptocurrency Mining Rises

By Sean Ventura

A year-and-a-half ago, as numerous countries dealt with WannaCry’s aftermath, ransomware was one of the hottest topics in retail IT — and all feared what would happen if their systems were suddenly held hostage.

But even by the end of 2017, security firm Malwarebytes found that ransomware attacks dropped off significantly. One potential reason: Ransomware can attract unwanted media coverage. Cybercriminals sought new methods of attacking businesses that didn’t require active participation from the victim and could fly under the radar.

That’s where cryptocurrency mining comes in. As Bitcoin and other cryptocurrencies grow in popularity, the chances that your system will be pulled into a cryptocurrency scheme grow. If you’re not looking for the signs, you could be an unwitting victim. So what's cryptocurrency mining, and how can retailers protect their systems from doing a hacker’s bidding?

What is Cryptocurrency Mining?

One of the most significant differences between the dollar and a cryptocurrency is oversight. Bitcoin lacks a central authority like the Federal Reserve; it’s de-centralized, and users, rather than banks, verify each transaction. In addition, Bitcoin requires users to “mine” for new currency by completing math problems that require considerable computer power to solve.

Rather than follow legal channels, some cybercriminals have turned to other people’s servers to gain the power they need. They’ll seek out larger companies, deliver a trojan to gain access to their network, and redirect activities to cryptocurrency mining. They’ll use so little power that it may take months to notice they’re controlling your servers.

With a cryptocurrency mining attack, you’ll see slower-than-usual response times in your network, which could easily be mistaken for higher traffic or aging technology. That will reduce the number of transactions your sales staff and website can complete, negatively impacting the customer experience, especially with peak season in full swing.

That’s why you need to be more vigilant than ever, not only in securing your systems, but in monitoring for any anomalies to stop a successful hack quickly.

How Can Retailers Protect Their Technology?

A healthy network requires you to watch what’s going in — specifically, the applications and solutions you choose to run. Because major retailers have complex systems running multiple programs across their brick-and-mortar, e-commerce and fulfillment operations, there are numerous connections through which a cybercriminal can gain access to your network.

If you want to take a more proactive stance on security, consider these two recommendations:

Adopt a zero-trust model. Your IT team should be aware of every program running across your network, and the process for obtaining approval from the IT team to bring on a new app should be widely circulated — shadow IT can wreak havoc on network security. Before allowing a program’s use, the team should work closely with the vendor to determine its security standards and ensure there’s no back door through which a cybercriminal can access your system. If IT isn’t comfortable with the answer, the program shouldn’t run on your network.
Implement a single point of control. One of the benefits of moving your operations to the cloud is gaining a stronger firewall for your network. Your integral systems, such as your POS or WMS, can be accessed from a single system, reducing the number of potential entry points for cybercriminals. If you’re considering a cloud migration, talk with your vendor about its security standards and make sure they match your expectations, especially if you’re maintaining detailed customer data within your solutions.

Vigilance is the Key

No matter the hacker’s method, neutralizing cyber threats begins with research — i.e., developing a deeper understanding of the software running on your network and preventing problematic programs from gaining approval in the first place. By forming stronger relationships with your vendors and implementing operational strategies that reduce risk, you’ll be ready to prevent whatever cyber threats may arise.

Sean Ventura is chief information security officer at Atmosera, a provider of business-class cloud enablement offering comprehensive managed services for Azure, hybrid and private clouds.