Hunting down crypto miners on Linux using Microsoft’s Azure Security Center
This year, crypto mining replaced ransomware as the top cybersecurity threat. Malware in general accounts for the majority of cybersecurity threats, but crypto mining reigns supreme. The challenge is detecting these crypto miners, as they are installed covertly on your machines. They might not be doing direct harm (e.g. stealing your data), but they take valuable computing power away from your environment, leaving no compute cycles for your business applications and potentially increasing your overall cloud computing bill. Azure Security Center, which has strong support for Linux and container technologies, can help you hunt those miners down.
A third of all malware is crypto mining
General malware, which includes both ransomware and crypto mining, made up 52% of cybersecurity threats in the first half of 2018, according to Webroot’s Mid-Year Threat Report Update. But cryptojacking (the non-consensual act of crypto mining on someone else’s machine) alone accounted for 35% of threats.
“In either case, it may be largely invisible to the end user, who likely won’t notice a small spike in their electric bill. But for an organization, power bills can skyrocket, especially when criminals employ scaling, i.e., keeping the drain on the CPU minimal when a keyboard or mouse is being used but scaling up to 100% at other times.”
How can I protect myself from these types of attacks?
Crypto miners are a real threat. They will impact your business applications and can quickly raise your Azure bill, both of which cost a lot of money. Implementing cloud security is a key task both to protect yourself from these types of attacks and to detect them.
Wortell can help design and implement Azure Security Center and other (cloud) security measures. However, we also provide it as a service through our Security Operations Center (SOC). Contact us for more information.
— Maarten Goet, MVP & RD