
Cloud Connector and Cryptojacking


Cryptocurrency has been in the news quite a bit lately, and Bitcoin is currently the most popular cryptocurrency. Proponents of Bitcoin cite its distributed nature, with no single entity exerting control over the currency, as one of its main advantages. To accomplish this, Bitcoin relies on a process called mining. Mining involves solving complex, computationally expensive equations in order to validate transactions, and provides a reward for those who successfully complete the validation.

Due to the compute-intensive nature of mining, there is a strong incentive for people to steal compute time. Our researchers at ThreatLabz have detailed how malicious actors are using end users’ devices to mine cryptocurrencies. One method involves using JavaScript in the browser to perform the mining, most often without the user’s knowledge or consent.

Cloud computing resources offer another avenue for exploitation. The rapid adoption and exploding array of services and associated configuration options have led to insecure cloud deployments, and malicious actors have taken notice. Recently, there was a cryptomining worm from the group TeamTNT that was spreading through AWS. The worm harvested credentials and then deployed software to mine Monero cryptocurrency. 

In addition to leveraging a Cloud Security Posture Management (CSPM) solution to prevent misconfiguration of cloud resources, you can also leverage Zscaler’s workload communication product to secure internet-bound workload traffic. It simply requires routing a workload’s internet-bound traffic to the Zero Trust Exchange, where Zscaler Internet Access (ZIA) will analyze the communication and block malicious traffic. 

ZIA has a pre-built security policy that blocks cryptomining traffic automatically and, if desired, generates an alert when it does so. Cryptomining software requires frequent communication with other nodes on the internet, and ZIA will detect the cryptomining traffic as it passes through the Zero Trust Exchange. It doesn’t matter that the traffic is encrypted, as Zscaler is able to decrypt and inspect SSL traffic.

What is involved in setting up a ZIA security policy to block cryptomining traffic? Fortunately, the ZIA Advanced Threats Policy is set to block cryptomining out of the box, as shown in the screenshot below. No additional configuration is required on your part.


Routing your workload traffic from a VPC or VNET to the Zero Trust Exchange is simple. You can deploy Zscaler Cloud Connector—a lightweight virtual machine—which will forward your traffic to the Zero Trust Exchange over a secure connection. Zscaler provides a number of Infrastructure as Code (IaC) templates, including Terraform, CloudFormation, and Azure Resource Manager, to automate the deployment of Cloud Connector. Finally, you will update your route tables to send your subnet traffic to Cloud Connector.
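As an added illustration of that final route-table step on AWS (example configuration written for this post, not one of Zscaler's own templates), the fragment below points a workload subnet's default route at the Cloud Connector VM's network interface; the VPC, subnet and ENI ids are placeholders, and it assumes Cloud Connector has already been deployed into the VPC.

```hcl
# Added example, not Zscaler's template. Sends all internet-bound traffic from
# a workload subnet to the Cloud Connector, which forwards it to the Zero Trust
# Exchange for ZIA inspection. All ids below are placeholders (assumptions).

variable "vpc_id"                 { default = "vpc-PLACEHOLDER" }
variable "workload_subnet_id"     { default = "subnet-PLACEHOLDER" }
variable "cloud_connector_eni_id" { default = "eni-PLACEHOLDER" }

# Route table for the workload subnet. The 0.0.0.0/0 route targets the
# Cloud Connector's elastic network interface rather than an internet
# gateway, so workloads have no direct path to the internet.
resource "aws_route_table" "workload_via_cloud_connector" {
  vpc_id = var.vpc_id

  route {
    cidr_block           = "0.0.0.0/0"
    network_interface_id = var.cloud_connector_eni_id
  }

  tags = { Name = "workload-via-cloud-connector" }
}

# Attach the route table to the workload subnet. Do NOT associate it with the
# subnet that hosts the Cloud Connector itself: that subnet needs its own
# route table with a path to the internet, or forwarded traffic loops back.
resource "aws_route_table_association" "workload" {
  subnet_id      = var.workload_subnet_id
  route_table_id = aws_route_table.workload_via_cloud_connector.id
}
```

The interface referenced by `cloud_connector_eni_id` must have source/destination checking disabled (a forwarding appliance receives packets not addressed to it), which the Cloud Connector deployment templates handle; verify it with `aws ec2 describe-network-interfaces` before cutting traffic over.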

To learn more about how easy it is to protect your workloads in the public cloud, have a look at our infrastructure modernization and cloud connectivity solutions. You can also schedule a chat with a representative to get a deep dive into our products and services here.
