Signs, Tips, and More: The ABC’s of protecting SMBs in SEA against malicious mining

Across Southeast Asia, the COVID-19 pandemic has seen businesses and governments attempt to mitigate the financial impact of this unprecedented public health crisis. Southeast Asian economies are taking a huge hit in the global economic crisis, with 64% of respondents from a recent regional survey conducted by Ernest & Young expecting a slower recovery extending into 2021.

While countries continue to experience different levels of success with containing the spread of the coronavirus, they have adopted different approaches when it comes to reopening their economies. For example, Singapore is currently in Phase 2 of its exit strategy from the circuit breaker measures, with most businesses and social activities allowed to resume from June 19. In Malaysia, most economic activity has been resumed with interstate travel permitted from June 10. These are clear indicators that Southeast Asian countries are making a concerted effort to enable their businesses to recover more quickly from the pandemic.

However, challenges such as cash flow problems persist. Almost 5,000 firms have borrowed S$4.5 billion from government assisted schemes in recent weeks in Singapore, while the Bank of Thailand has provided 500 million baht of soft loans to financial institutions so that they can offer loans to certain small medium businesses (SMBs). If SMBs are to ensure that their path to economic recovery remains smooth, they would need to address all aspects of their business operations and strategy – and that includes shoring up their cybersecurity defences to reduce the financial impact of data breaches and hacks.

CRYPTOMINING AND ITS IMPACT ON SMBS

According to Kaspersky’s latest statistics for Southeast Asian SMBs in Q1 this year, over a million crypto-mining attempts were foiled against devices of businesses, a 12% increase compared with 949,592 mining incidents blocked in the same period last year. The total number of miners detected in the first three months of 2020 is also significantly more than the 834,993 phishing attempts and 269,204 ransomware detections against SMBs in the region.

Malicious mining, also known as cryptojacking, happens when cybercriminals install a malicious programme on the target computer or by means of fileless malware without the user’s knowledge. As a result, this allows them to harness the victim’s processing power for their own nefarious purposes. Cryptojacking has also been known to occur when a victim visits a site that has a mining script embedded in the browser.

Kaspersky’s data further reveals that Indonesia and Vietnam were among the countries in SEA and globally with the highest number of mining attempts against SMBs. Most of the six countries in the region, except the Philippines and Thailand, have also recorded an increase in terms of this malware’s detection in the first quarter of 2020.

Number of malicious mining attempts against SMBs blocked by Kaspersky solutions and the country’s ranking based on the share of users almost infected with this malware

“Malicious mining attacks continue to remain as a widely underreported area of cyberthreats to SMBs. In this age where we are well acquainted with the infamous examples of data breaches, it is natural for us to pool our resources together and deal with ransomware and large-scale phishing attacks. However, this is not the case when it comes to cryptomining,” comments Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.

“As the symptoms and consequences of malicious mining are less obvious and less immediate than ransomware and phishing attacks, it easier for SMBs to disregard it as a mere technical issue. However, its aftermath is costly in the long run. The rapid increase of cryptojacking incidents in the region should be a wakeup call for enterprises in all shapes and forms. Cybercriminals are doing this attack because it is profitable, it is high time that we acknowledge this and improve our defenses against it,” he adds.

SIGNS THAT YOU MAY HAVE BEEN COMPROMISED BY CRYPTO-MINING

In essence, some signs that may point towards devices being used for crypto-mining:

• Substantial increase in electrical consumption and usage of CPU
• System response will slow; the device’s memory, processor, and graphics adapter are bogged down completing cryptomining tasks.
• Wasted bandwidth will decrease the speed and efficiency of legitimate computing workloads
• Batteries will run down much faster than before, and devices may run quite hot.
• If the device uses a data plan, users will see data usage skyrocket.

TIPS TO SAFEGUARD YOURSELF AGAINST CRYPTO-MINING

To proactively safeguard your business against SMBs, here’s what you should focus on:

• Enhancing the cybersecurity awareness of your employees is the first step, but a highly critical one for any business that takes cybersecurity seriously. Having them understand basic things like what file/link to open will go a long way in preventing crypto-miners from planting malware on electronic devices. Also, it is worth creating employee and operational control policies that cover aspects of network management and facilities, including password renewal regulations, incident handling, access control rules, protecting sensitive data and more.
• Monitor web traffic – frequent queries to domains of popular cryptomining pools are a clear sign that someone is mining at your expense. Ideally, add these domains to your domain block lists for all computers in your network — lists of such domains can be found online. New domains are constantly appearing, so be sure to update the list systematically.
• Keep track of your server load. If the daily load changes suddenly, that may be a symptom of a malicious miner. Carrying out regular security audits of your corporate network may also be helpful.
• Ensure that all your software are up to date as soon as they are available so that you are well prepared for the latest cyberthreats.
• Implement the right cybersecurity solution for every aspect of your business operations, both hardware and software related. Use a dedicated endpoint security solution equipped with web and application control, anomaly control and exploit prevention components that monitor and block suspicious activity on the corporate network.

If you are already the victim of a crypto mining attack, or are looking to recover, here’s what you can do:

• Use a strong security solution on all computers and mobile devices, such as Kaspersky Internet Security for Android or Kaspersky Total Security to identify the threat, and enable Default Deny mode where possible.
• Kill and block website-delivered scripts. Your IT team should note the URL that is the source of the script and update the organisation’s web filters to block it immediately.
• If a website extension is responsible for infecting the browser, update all the extensions and remove those that are not needed or are infected.