- 9 October 2018 09:47
Beware of ‘Cryptojackers’ Infiltrating Consumer Devices to Mine Virtual Currencies
Sydney, October 9, 2018 - Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, today issued a security alert that cybercriminals are now targeting media devices and unsecured IoT devices for cryptomining as many of them use powerful GPUs to decode and transcode content in high-resolution formats. Media devices are especially attractive targets due to their use of powerful GPUs combined with lax home security. And because they tend to always be powered on, there is a lot of downtime that can be exploited without detection.
Cryptojacking is a new technique where cybercriminals sneak malware into computers and other media devices, and then hijack the computer’s processing power to perform crypto-mining. The number of reported cases is rising and cybersecurity experts are warning individuals and businesses about the danger.
“Cryptojacking has become a growing concern. Cybercriminals aren’t satisfied with the available supply of vulnerable servers and PCs to hijack in order to mine their favorite cryptocurrency. So, they have added another rich source of computational horsepower to their arsenal—IoT devices,” said David Maciejak, Director of Security Research, Fortinet.
Due to the explosion in Internet of Things (IoT), which is projected to connect up to 20.4 billion devices globally by 2020, more and more electronic devices in homes are being connected to a network or Internet.
According to Fortinet’s FortiGuard Labs, Hide ‘N Seek (HNS) could be the first in-the-wild malware to actively target vulnerabilities in home automation solutions. HNS is an IoT botnet which targets routers, IP cameras, DVRs, as well as cross-platform database solutions and smart home devices.
“As our work and social networks expands and the potential threat footprint in our homes continues to grow, it is critical that we take a fresh look at how we could protect from growing number of networks we interact with. With the prevalence of BYOD (Bring Your Own Device), work devices brought home are also subject to greater risk of cyber-attacks,” said Maciejak.
Fortinet recommends 3 cybersecurity strategies to protect your home networks from cybercriminals:
1. Learn & Discover Your Home Network
With the increasing number of portable IoT and other devices being installed or used by family members and friends visiting your home, it may be difficult to know exactly what is on your home network at any given time. Even harder is controlling what they are allowed to do.
There are a number of security tools on the market today designed for the home that can identify devices looking to connect to the Internet through your Wi-Fi network. Many of them can be easily configured to provide them with access to your guest network, while restricting and monitoring the kind of traffic they are generating, the applications and home resources they are able to access, the amount of time they can be connected online, and the places on the Internet they are allowed to connect to.
2. Implement a Segmented Network
Ensure that visitors and unauthorised devices are connected to a guest network while critical resources such as financial data, should be isolated from the rest of the network.
· Buy separate wireless access points to separate things like gaming systems and IoT devices from your PCs and laptops.
· Set up a wireless guest network for visitors or new devices. Most access points allow you to restrict access, set up things like firewalls, and monitor guest behavior.
· To protect your critical resources, consider purchasing a separate dedicated device that is only used for things like online banking. You could also set up a separate virtual device on your laptop or PC for banking online.
· As much as possible, keep your work and personal devices separated. Set up a separate connection for work, only connect through a VPN tunnel, and consider encrypting sensitive data traveling back and forth between your home and corporate networks.
3. Protect All Critical Devices & Perform Regular Updates
Keep a list of all the devices and critical applications on your network, including the manufacturer. Set up a weekly routine to check for updates for physical and virtual devices, operating systems, applications, and browsers.
· Get antivirus and anti-malware software, keep it updated, and run it regularly. Remember that no software is 100% effective, so set up a regular schedule, say once a month, where you use a second or third security solution to scan your device or network.
· Get a firewall. Most home security packages include a firewall option. Turn it on. Even the default settings are better than doing nothing.
· Use good password hygiene. Change your passwords every three to six months. Use an encrypted password locker to store passwords. Use different passwords for different kinds of things. Don’t mix your personal and work passwords.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security features without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 350,000 customers trust Fortinet to protect their businesses. Learn more at www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
Copyright © 2018 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiASIC, FortiMail, FortiClient, FortiSIEM, FortiSandbox, FortiWiFi, FortiAP, FortiSwitch, FortiWeb, FortiADC, FortiWAN, and FortiCloud.
Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialise or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.