The Cyber Threat Alliance (CTA) recently released a new report, The Illicit Crytopcurrency Mining Threat, in which the group found that crypto-mining has increased 459% from 2017 through 2018. The most recent quarters show that the trend continues to grow rapidly with no indication of slowing down.
“As the values of various cryptocurrencies increase and their use becomes more prevalent, malicious cyber actors are using computers, web browsers, internet-of-things (IoT) devices, mobile devices, and network infrastructure to steal their processing power to mine cryptocurrencies,” the report stated.
While mining for cryptocurrency is a drain on resources that will result in higher electric bills, it also increases the workload that could result in either decreased productivity of business operations that use computing power or even physical damage to the IT infrastructure.
According to the CTA, though, of greater concern is if illicit cryptocurrency mining is happening within an organization, it is a strong indication that there are flaws in the overall cybersecurity posture.
“The majority of illicit mining malware takes advantage of lapses in cyber hygiene or slow patch management cycles to gain a foothold and spread within a network,” the report said. If crypto-miners can gain access to the processing power of a network, there’s a strong likelihood that an attacker can gain – or already has gained – access as well.
“As the threat of crypto-jacking grows, organizations should be ever-vigilant. Crypto-jacking steals valuable resources from the business and organizations should carefully monitor what’s taking place on the network to prevent crypto-jackers from getting a foothold,” said Justin Jett, director of audit and compliance for Plixer.
“Traffic analytics is a critical resource in successfully monitoring and detecting threats like crypto-jacking and should be deployed wherever possible. By leveraging the existing data from the network, IT professionals can easily and quickly identify where crypto-mining malware has entered the network.”
If you found this article insightful, why not watch our #InfosecWebinar on Malware in IoT, Crypto-coins & Smart Devices