Don’t Ignore the Cryptominer in the Coalmine: What You Need to Know About the Biggest Cyber Threat Trend of 2018
While the market value of cryptocurrencies has recently experienced a downturn, there’s no denying its exponential growth, peaking at over $700 billion in early 2018. While investors have seen the value in cryptocurrency, so have bad actors and cyber criminals looking to take advantage of this emerging trend. Cryptomining attacks are relatively lucrative, simple to launch and easy to conceal, so even as market value dropped, attacks increased. According to the Cyber Threat Alliance illicit cryptocurrency mining malware detections have grown by 459 percent since 2017.
So what is this new cyber threat and what does it mean? Essentially, cryptomining attacks take place when illicit cryptominers hijack an organization’s computing power to mine for cryptocurrencies.
Since they don’t start by stealing sensitive information or holding your information for ransom the attacks might not seem alarming, but it is important agencies don’t overlook this threat. Cryptomining attacks often indicate a much larger security issue on the horizon—or perhaps already taking place. Many consider these attacks to be canaries in the coalmine.
Additionally, these attacks have a negative impact on agency resources. Due to the high level of demand cryptomining places on compute systems, attacks have a tendency to decrease overall performance for important agency tasks and can even increase the likelihood of mechanical failure on infected devices. Large enterprise environments, like those of many federal agencies, are valuable targets due to their powerful resources.
There are a few steps organizations and individuals can take to protect their networks from cryptomining attacks, starting with basic cyber security hygiene. First and foremost, educate employees on potential red flags, like many attacks sometimes it starts with a simple email. It is also critical to install detection products designed specifically to identify this type of threat. Agencies should examine current environments to ensure rules to detect mining attacks are enabled.
Lastly, agencies need to remain alert to cryptomining attacks—and how quickly these threats evolve. Cryptominers are becoming increasingly sophisticated and practiced at hiding their tracks. While cryptomining typically requires significant computing power, attackers have been able to reduce system usage in order to avoid detection. At the same time, since the approach is growing so rapidly, there is often more than one such attack occurring simultaneously on the network. Miners are beginning to disable other cryptomining activity they detect on the network to reduce their likelihood of being caught. As cryptomining attacks continue to mature, it is essential agencies follow their advancements and know what flags should raise alarm.
Highly lucrative and less disruptive than other cyber threats, cryptomining attacks are sure to increase in the coming year, but agencies can’t let these attacks occur unnoticed in their environments. Learn more about the growing threat and how you can keep your agency safe in the Cyber Threat Alliance’s recent white paper on the issue, with contributions from our partner Cisco: https://blog.talosintelligence.com/2018/09/CTA-Cryptomining-Whitepaper.html