Cryptomining faded from the headlines in late 2018 with falling bitcoin prices, but Kaspersky still considers it a major nuisance, which is employed by rogue employees as well as cybercriminals.
Kaspersky Lab has announced the availability of the latest version of their Kaspersky Endpoint Security for Business [KESB]. The solution includes protection against cryptojacking, a new Adaptive Anomaly Control feature to detect and block unusual activity by specific individuals, and a new Web-based management console.
“The enhancements in this version of Kaspersky Endpoint Security for Business are mainly to help admins gain flexibility and convenience in the way that they manage in a Web- based console, and to help the platform be more protective around user behaviors, with our new Adaptive Anomaly Control, and new prevention capabilities,” said Rob Cataldo, VP of Enterprise Sales, Kaspersky Lab USA.
A major new capability in this release is the introduction of protection against cryptojacking. This unauthorized use of corporate IT resources to mine cryptocurrency jumped into the spotlight earlier in 2018, then receded near the end of the year as the collapse in bitcoin prices to as little as 10 per cent of their peak made this particular type of malware less lucrative for thieves. Cataldo said that Kaspersky still considers it a nuisance, however.
“We believe it is still a top concern,” he said. “A lot of studies from malware researchers find that despite the lower valuation today, the amount of cryptomining has not declined at all. The amount of profit is certainly down, but it is still something of a sure thing for the cybercriminal. It’s anonymous, unlike ransomware, so there is less chance that they will get caught. While the profit on each mining activity will be less because of the lower price, every resource they use that is not their own still increases their profit. It’s the volume of machines that matters, not the amount of profit from each machine.” Cataldo also pointed out that while lower prices today make other types of cybercrime more lucrative, prices could rise again just as they fell in recent months, and bring back an explosion of cryptojacking.
Cataldo said that protection against cryptomining is also a good investment because it’s a significant internal leakage for companies.
“We don’t have statistics on internal use, but we know that it’s a problem because we have had situations where people have been caught doing it,” he stated. “I do think that it is a widespread issue.”
The cryptojacking protection adapts KESB’s capabilities against malicious Web scripts.
“We are applying our traditional protections against malicious scripts to these new nuisances,” Cataldo said. “It boils down to the same fundamentals of anti-malware protection. It’s more of a nuisance, but no one wants to fall victim to it.”
Kaspersky has had machine learning in KESB for several years, and upgraded it significantly in the version of the product introduced a year ago. Now they have strengthened it with a new Adaptive Anomaly Control feature. It analyzes the behavior of users and ‘remembers’ their activity patterns, which lets it block actions that it determines to be abnormal for a specific user. The whole process is automated, so IT security administrators do not need to configure rules manually – saving time and reducing the risk of false positives.
Administration has been made easier by giving the management console a new user-friendly design, and making it available as a Web version through a browser.
“It’s a more modern look, designed for increased convenience, which has been developed based on customer feedback and tests,” Cataldo said. “It now no longer requires a server based application like MMC. The Web-based console also means that you can use a smartphone or even a tablet to manage it.”
Integration with other tools like SIEM, SOAR and EDR platforms has also been facilitated through the integration of OpenAPI through the the Kaspersky Security Center.
“Customers and partners can now integrate more easily with third-party systems becomes easier because they can now integrate with OpenAPI natively,” Cataldo said.
Kaspersky Endpoint Security for Business is available now. It is automatically deployed to all endpoints for existing customers on the approval and acceptance of the license agreement by the admin.