Ever since the introduction of the internet, criminals have not shown any signs of slowing down in their journey...
to discover new and effective ways to exploit individuals and businesses for money. The introduction of cryptocurrency brought a significant increase in cyberattacks because it was much easier for attackers to request money from their victims with little risk of being caught or identified. Ransomware became one of the most common attacks used to hold data hostage, especially in healthcare, and that helped increase the use of digital currencies like Bitcoin. But the use of ransomware was not enough for cybercriminals. Signs show that a new threat called cryptojacking may be brewing as a new way for cybercriminals to make money.
The value of digital currency peaked in 2017 at a staggering $19,000 per Bitcoin. Since this digital currency is going mainstream there are two ways to get Bitcoin. One method hackers use is to have their victims purchase Bitcoin using their credit cards, and then transfer the digital funds to them. The second method to get them is by mining and generating their own Bitcoins.
The idea behind mining coins is to reward anyone willing to participate in supporting the blockchain network needed to maintain the cryptocurrency. Anyone who donates processing time and connectivity to the cryptocurrency network receives a payment in the form of Bitcoin. However, in order for the reward to be substantial, one has to have access to a significant amount of processing power or a large number of machines that can run the mining code.
As a result, more cyberattackers are targeting healthcare and quickly attempting to roll out more attacks that can hijack other machines' processing power so they can use them to secretly mine currency on their behalf. The practice is called cryptojacking and has already seen significant success. Cryptojacking attacks do not always require infecting a machine with a virus or malicious code to be installed. Numerous instances show that attackers simply target website visitors and let their web browsers perform the mining on the attackers' behalf.
Even though mining may not seem to target anything but the processing power within the target machine, in healthcare it would still impact the overall equipment and performance. Several incidents have been reported around machines overheating and computers performing poorly due to their processes being maxed out by the mining behind the scene. When hospital equipment doesn't perform the way it is supposed to, patients' lives can be jeopardized. Therefore, hospital IT departments are growing concerned that these will become the next wave of attacks they are likely to face.
Fortunately, hospitals can still take appropriate steps to fight against the new cryptojacking threats. There are several steps IT can take to be prepared for cryptojacking in healthcare environments.
Scan the network for abnormal CPU spikes
Hospital IT must always be diligent in scanning their environment for any abnormal activities across their computers, servers and network appliances. But for cryptojacking, one key area that must be looked at is CPU usage. The scans performed must report on any machines that may experience an increase in CPU usage over longer period of times as this could be an indicator of possible mining behavior in the machine.
Keep systems up to date
All systems must be kept up to date and patched. Not only is this practice required by HIPAA regulations, but it also helps ensure that any potential exploits within the systems are addressed so they don't allow remote execution of code that can lead to serious infections.
Block all internet uses or implement URL filtering
It is a common best practice to keep servers isolated from the internet by blocking all internet access to the browser. But for end-user machines, that practice is impractical. One step that can be taken to reduce risks associated with cryptojacking attacks is to deploy web filtering tools that restrict access to known safe websites. Another is to use browser extensions that can block different known miners in the wild, such as Coin-Hive Blocker, MinerBlock and NoCoin. There are also other methods that include blocking complete domains that may be used by miners as well. This practice allows administrators to block the communication between the machine and the mining services like coin-hive.com
The growing concern for health IT departments is that there is always a new threat on the horizon on top of the existing ones that never seem to go away. Ransomware continues to lurk and attackers are constantly trying to gain access to machines in order to encrypt them. The addition of cryptojacking to the list of concerns hospital IT has is yet another item to monitor, detect and block. While it may seem less harmful than ransomware and typically does not target actual data, hospitals should still treat it like any other serious threat.