For years we have been hearing about ransomware ad nauseum. Now there is an emerging threat on the scene, and it’s taking over like wildfire: malicious cryptomining. This browser-or software-based threat enables bad actors to hijack system resources to generate cryptocurrencies for nefarious purposes.
The market volatility of cryptocurrency makes this emerging threat typically much more financially lucrative than ransomware. Cyber thieves are drawn to cryptomining as it is an easy way for them to generate cash and attack even more people while remaining anonymous.
New findings from Cisco Umbrella research shows that in the last nine months there has been a 19x increase in cryptomining activity on the internet. Umbrella protects users from connecting to malicious sites on the internet and analyzes over 175 billion DNS requests daily. The sheer volume of DNS requests gives our researchers a unique view of the internet to better identify trends on threats, faster.
Cryptomining research highlights:
- 19x increase in cryptomining related traffic in the last 9 months of 2018.
- Top verticals impacted: energy, education, healthcare, local government and media. No industry is safe. Distribution of crypto traffic is spread across all industries.
- North American and European countries have heavy malicious cryptomining traffic.
- Environments with 10,000 employees or less are hit the hardest.
In 2018, malicious cryptomining consistently ranked as one of the top threats across all internet activity. No other threat has witnessed such massive growth. Total cryptomining activity grew from approximately 600k queries in March 2018 to 11.3 million queries as of December 2018. That is a 19x increase in cryptomining activity across our 90 million Umbrella users.
Why should you care?
Cryptomining in your environment means you are vulnerable. While browser-based cryptomining can be concerning if it is happening routinely and profusely, you should always be on the lookout for bad actors installing malicious cryptomining software in your network. Why? It’s simply a starting point. Attackers can leverage their presence in your network to execute future attacks. Malicious cryptomining also represents a hidden cost to your organization. Stolen computing resources impacts your electricity costs, Amazon Web Services (AWS) computing costs, and your bottom line.
Energy industry most at risk
Looking at our corporate Umbrella traffic, in particular, we see that about one third of all cryptomining activity is attributed to energy and utilities organizations. Energy organizations may be hot targets due to their likeliness to use outdated systems and software that are more prone to vulnerabilities. Colleges and universities come in at second place with 22 percent of total cryptomining activity across verticals.
Distribution of cryptomining traffic across verticals:
Traffic from our corporate users reveals that the majority of cryptomining activity is being targeted at North America. The U.S. accounts for 62 percent of the total cryptomining traffic, followed by EMEA, which accounts for 6 percent of the total. The remaining traffic is distributed across the globe.
Size doesn’t matter
Unwanted cryptomining is non-discriminatory. Our research shows that malicious cryptomining is highly prevalent everywhere – across all organization sizes, and industries. No one is safe. All organizations need to take action to protect their resources from malicious cryptomining. Smaller organizations, with less mature cyber security teams, are not exempt. They are also being targeted heavily. In fact, the majority of cryptomining traffic we see is impacting organizations with under 10,000 employees.
Distribution of cryptomining traffic across organization sizes:
Researchers advise that there is no foreseeable sign of illicit cryptomining slowing down in the coming years. Cryptomining will continue to grow rapidly. So, why wait to get protected?
How can Cisco Umbrella help?
Umbrella is a cloud security platform that protects users from connecting to malicious sites on the internet. By analyzing and learning from internet activity patterns, Umbrella automatically uncovers current and emerging threats, and proactively blocks malicious requests before they reach your network or endpoints.
Umbrella customers can detect, block and protect against unwanted cryptomining in their environments by simply enabling the cryptomining security category in their policy settings.
Once the cryptomining security category is selected, you can also view cryptomining activity right from the Umbrella dashboard alongside other common threat categories such as malware, phishing and command and control.
The ability to detect and block cryptomining is available as standard for all Umbrella customers. Here is what our customers are saying about Umbrella’s cryptomining feature:
“Cisco Umbrella helps me to report on the amount of cryptomining that I am seeing in our APAC locations.” — Richard Crowley, Chief Technology Officer (CTO), JWT
If you’re ready to learn more about Umbrella and to get protection against threats such as malicious cryptomining, sign up for a free trial today.
Hear more from our team on illicit cryptomining by attending our RSA session: Cryptojacking: What’s in Your Environment? presented by our Threat Analytics Researcher, Austin McBride, and Head of Analytics and Customer Insights, Ayse Firat.
We’ll be onsite all week during RSA at the South Expo Booth 1027 and would love to meet you!