The ongoing crypto winter, a cooling period in the crypto market, is no excuse for crypto marketers to lower their cybersecurity precautions against hackers who illegally use an unsuspecting party’s computer and/or server for crypto scams.
For rightful holders of cryptocurrencies, the losses associated with the crypto winter have been devastating, while for crypto hackers the crypto winter means slightly less free money than before.
Cryptojacking affects everyone, but companies that rely heavily on third parties are more vulnerable. A malicious actor always looks for the weakest link when trying to breach cybersecurity defenses, and third-party trust is frequently that weakest link.
These third parties may also have direct relationships with other third parties. Because so many companies rely on these interconnected networks of trust, as well as sometimes complex third-party relationship dynamics, weaknesses tend to emerge, making it easier for a crypto hacker to breach cybersecurity defenses.
To avoid these attacks during the crypto winter, cryptocurrency enthusiasts should conduct a risk assessment to identify vulnerabilities. As soon as the vulnerabilities are discovered, which are most likely to stem from third parties, endpoint safeguards should be deployed to detect whether a cryptominer is running on an individual or server endpoint.
Businesses should also approach third-party relationships with a functional zero-trust policy that includes strong identity verification, strict password and secret management, and the granting of privileged access only to explicitly authorized users. In addition to zero-trust, organizations can implement systems that grant users access to systems only when absolutely necessary.
The sources for this piece include an article in TheHackerNews.