Swiss National Life

Keep you company protected from cyber crime

Crypto jacking & Unauthorized Access to Resources

1. Deploy Endpoint Detection & Response (EDR) Solutions

  • Install next-gen antivirus (NGAV) and endpoint detection & response (EDR) software.
  • Use real-time behavioral analysis to detect unauthorized cryptomining processes.
  • Enable automatic threat isolation to stop compromised endpoints.
  • Regularly update security definitions to identify new cryptojacking malware variants.

2. Implement Strict Access Controls & Privilege Management

  • Follow the Principle of Least Privilege (PoLP) to limit admin access.
  • Implement role-based access control (RBAC) to restrict sensitive systems.
  • Require multi-factor authentication (MFA) for administrative accounts.
  • Conduct regular access audits to remove unused or unauthorized privileges.

3. Monitor Network Traffic for Anomalies

  • Deploy intrusion detection & prevention systems (IDS/IPS) to flag suspicious activity.
  • Use network behavior analytics (NBA) to detect unusual spikes in CPU/GPU usage.
  • Block outbound connections to known cryptomining pools.
  • Enable deep packet inspection (DPI) to identify hidden mining scripts.

4. Harden Web Browsers & Disable JavaScript-Based Miners

  • Use browser extensions like NoCoin and MinerBlock to block web-based cryptojacking.
  • Disable JavaScript execution for untrusted websites.
  • Block pop-ups and unauthorized script execution in browser settings.
  • Train employees to avoid clicking suspicious links or downloading browser extensions.

5. Enforce Application Whitelisting & Software Restrictions

  • Use application control policies to prevent unauthorized software execution.
  • Block installation of cryptomining applications on corporate devices.
  • Require admin approval for running executable scripts (e.g., PowerShell, batch files).
  • Regularly audit installed software for unauthorized mining tools.

6. Patch Vulnerabilities & Secure System Configurations

  • Regularly update operating systems, browsers, and third-party applications.
  • Patch known vulnerabilities in cloud services and web servers.
  • Disable unnecessary services and ports that could be exploited for cryptojacking.
  • Enforce secure cloud configurations using tools like AWS Config or Microsoft Defender for Cloud.

7. Secure Cloud Infrastructure & Virtual Machines (VMs)

  • Monitor cloud usage and CPU consumption for unauthorized mining.
  • Use identity and access management (IAM) policies to limit access to cloud resources.
  • Enable cloud security posture management (CSPM) tools to detect misconfigurations.
  • Implement spending alerts to track unusual cloud resource usage.

8. Educate Employees on Cryptojacking Threats

  • Train employees to recognize cryptojacking attempts in emails, websites, and attachments.
  • Conduct regular security awareness sessions on unauthorized resource usage.
  • Establish a clear reporting mechanism for suspected cryptojacking incidents.
  • Encourage employees to lock devices when away from their desks.

9. Use DNS Filtering & Block Malicious Domains

  • Deploy DNS filtering solutions to prevent access to known cryptojacking sites.
  • Block domains associated with cryptomining pools and malware command-and-control (C2) servers.
  • Use threat intelligence feeds to update domain blocklists regularly.
  • Monitor DNS queries for unauthorized mining activity.

10. Implement Log & Event Monitoring for Quick Detection

  • Use Security Information & Event Management (SIEM) solutions to detect cryptojacking patterns.
  • Enable log collection for process activity, system resource usage, and network connections.
  • Configure alerts for abnormal CPU, GPU, or server load spikes.
  • Review logs for unauthorized script execution or scheduled mining tasks.