With Halloween just around the corner, now is as good a time as any to reflect on a subject that scares the pants off most people – cybersecurity. For the past five years, Voxus has had the pleasure of working with WatchGuard Technologies, a global leader in network security, secure Wi-Fi, multi-factor authentication and network intelligence. From ransomware and the dark web, to Trojans that commandeer your webcam and more, we’ve learned over the past half-decade just how vulnerable most of us are to data theft and online attacks. It really can be pretty frightening.
But on the flip side, helping a company like WatchGuard educate its partners, customers and the world about cyber threats and how to prevent them has been an incredibly fascinating and rewarding experience. At the end of the day, we help WatchGuard help businesses and everyday people protect themselves. Did I mention that it’s never boring? Lurking in the shadows, there’s always a new breach poised to break onto the scene and stir up a news cycle. And reporters are typically all ears for expert insights about emerging attack techniques.
One of the most interesting subjects we’ve learned about through our work with WatchGuard over the past year is cryptojacking malware. Breaking onto the scene in a big way in 2018, cryptojackers essentially allow hackers to leach computing power from their victims’ devices to mine cryptocurrencies like Bitcoin and Monero. WatchGuard’s subject matter experts had a lot to say about this trending topic, so we’ve spent a good deal of time focusing on contributed articles, blog posts and rounds of proactive media outreach about cryptojacking.
A great example of these efforts would be this in-depth CSO Online feature, which includes numerous insights from Marc Laliberte, one of WatchGuard’s key security experts. Here are a couple of the cryptojacker prevention tips Marc gave to readers:
- Incorporate the cryptojacking threat into your security awareness training, focusing on phishing-type attempts to load scripts onto users’ computers. “Training will help protect you when technical solutions might fail,” says Laliberte. He believes phishing will continue to be the primary method for delivering malware of all types.
- Install an ad blocking or anti-cryptomining extension on web browsers. Since cryptojacking scripts are often delivered through web ads, installing an ad blocker can be an effective means of stopping them. Some ad blockers like Ad Blocker Plus have some capability to detect cryptomining scripts. Laliberte recommends extensions like No Coin and MinerBlock, which are designed to detect and block cryptomining scripts.
- Use a mobile device management (MDM) solution to better control what’s on users’ devices. Corporate ring-your-own-device (BYOD) policies present a challenge to preventing illicit cryptomining. “MDM can go a long way to keep BYOD safer,” says Laliberte. An MDM solution can help manage apps and extensions on users’ devices. MDM solutions tend to be geared toward larger enterprises, and smaller companies often can’t afford them. However, Laliberte notes that mobile devices are not as at risk as desktop computers and servers. Because they tend to have less processing power, they are not as lucrative for the hackers.
Read the full article here – you’ll be glad you did. While cryptojackers aren’t as terrifying as some of the other cyber threats we’ve seen in the past few years, the very fact that criminal hackers are profiting by sneaking this onto their victims’ devices without their knowledge is creepy in and of itself. That said, if really you want scary, check out this and this.
While learning this stuff through our PR programs for security companies often scares me to death, I’m better for it. After all, staying educated about the latest cyber threats and defense best practices is the first step toward staying safe and secure online. Happy Halloween, everyone!