• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Search
Search
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Security
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Security for Chromebook
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella and Cisco Secure Access Packages
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
      • Cisco Umbrella for Government Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Your SSE journey with Cisco
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
      • Umbrella and Duo Layered Protection
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
        • – FTC Safeguards Rule Compliance 2023
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
      • Cybersecurity Webinars
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is DNS Security
      • What is a Secure Web Gateway
      • What is a Cloud Access Security Broker (CASB)
      • What is Security Service Edge (SSE)
      • What is Secure Access Service Edge (SASE)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Free Trial Quick Start Guide
      • Free Trial Help and Tips
  • Trends & Threats
    • Market Trends
      • Generative AI Cybersecurity Risks and Rewards
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Clearing search keywords
Threats

Check Your Electric Bill – Malicious Cryptomining Is Lighting up the Internet

Author avatar of Negisa TaymourianNegisa Taymourian
Updated — September 26, 2023 • 3 minute read
View blog >

For years we have been hearing about ransomware ad nauseum. Now there is an emerging threat on the scene, and it’s taking over like wildfire: malicious cryptomining. This browser-or software-based threat enables bad actors to hijack system resources to generate cryptocurrencies for nefarious purposes.

The market volatility of cryptocurrency makes this emerging threat typically much more financially lucrative than ransomware. Cyber thieves are drawn to cryptomining as it is an easy way for them to generate cash and attack even more people while remaining anonymous.

New findings from Cisco Umbrella research shows that in the last nine months there has been a 19x increase in cryptomining activity on the internet. Umbrella protects users from connecting to malicious sites on the internet and analyzes over 175 billion DNS requests daily. The sheer volume of DNS requests gives our researchers a unique view of the internet to better identify trends on threats, faster.

Cryptomining research highlights:

  • 19x increase in cryptomining related traffic in the last 9 months of 2018.
  • Top verticals impacted: energy, education, healthcare, local government and media. No industry is safe. Distribution of crypto traffic is spread across all industries.
  • North American and European countries have heavy malicious cryptomining traffic.
  • Environments with 10,000 employees or less are hit the hardest.

Explosive growth

In 2018, malicious cryptomining consistently ranked as one of the top threats across all internet activity. No other threat has witnessed such massive growth. Total cryptomining activity grew from approximately 600k queries in March 2018 to 11.3 million queries as of December 2018. That is a 19x increase in cryptomining activity across our 90 million Umbrella users.

Why should you care?

Cryptomining in your environment means you are vulnerable. While browser-based cryptomining can be concerning if it is happening routinely and profusely, you should always be on the lookout for bad actors installing malicious cryptomining software in your network. Why? It’s simply a starting point. Attackers can leverage their presence in your network to execute future attacks. Malicious cryptomining also represents a hidden cost to your organization. Stolen computing resources impacts your electricity costs, Amazon Web Services (AWS) computing costs, and your bottom line.

Energy industry most at risk 

Looking at our corporate Umbrella traffic, in particular, we see that about one third of all cryptomining activity is attributed to energy and utilities organizations. Energy organizations may be hot targets due to their likeliness to use outdated systems and software that are more prone to vulnerabilities. Colleges and universities come in at second place with 22 percent of total cryptomining activity across verticals.

Distribution of cryptomining traffic across verticals:

Top traffic by verticals pie chart

North America is a key target

Traffic from our corporate users reveals that the majority of cryptomining activity is being targeted at North America. The U.S. accounts for 62 percent of the total cryptomining traffic, followed by EMEA, which accounts for 6 percent of the total. The remaining traffic is distributed across the globe.

Volume of cryptomining traffic by country:Top traffic by geography pie chart

Size doesn’t matter

Unwanted cryptomining is non-discriminatory. Our research shows that malicious cryptomining is highly prevalent everywhere – across all organization sizes, and industries. No one is safe. All organizations need to take action to protect their resources from malicious cryptomining. Smaller organizations, with less mature cyber security teams, are not exempt. They are also being targeted heavily. In fact, the majority of cryptomining traffic we see is impacting organizations with under 10,000 employees.

Distribution of cryptomining traffic across organization sizes:
Top traffic by company size bar chart
Researchers advise that there is no foreseeable sign of illicit cryptomining slowing down in the coming years. Cryptomining will continue to grow rapidly. So, why wait to get protected?

How can Cisco Umbrella help?

Umbrella is a cloud security platform that protects users from connecting to malicious sites on the internet. By analyzing and learning from internet activity patterns, Umbrella automatically uncovers current and emerging threats, and proactively blocks malicious requests before they reach your network or endpoints.

Umbrella customers can detect, block and protect against unwanted cryptomining in their environments by simply enabling the cryptomining security category in their policy settings.

Policy settings in Umbrella dashboard
Once the cryptomining security category is selected, you can also view cryptomining activity right from the Umbrella dashboard alongside other common threat categories such as malware, phishing and command and control.

Line charts in security category for Malware, Phishing, Command & control and Cryptomining
The ability to detect and block cryptomining is available as standard for all Umbrella customers. Here is what our customers are saying about Umbrella’s cryptomining feature:

“Cisco Umbrella helps me to report on the amount of cryptomining that I am seeing in our APAC locations.” — Richard Crowley, Chief Technology Officer (CTO), JWT

If you’re ready to learn more about Umbrella and to get protection against threats such as malicious cryptomining, sign up for a free trial today.

Additional Resources

Learn more about illicit cryptomining by downloading one of these free resources:

  1. eBook: Malicious Cryptominers are Eyeing Your Resources
  2. White Paper: Defending Your Network from Cryptomining
  3. On-Demand Webcast: 2018’s Top Threat Malicious Cryptomining

Suggested Blogs

  • Cybersecurity Threat Spotlight: Emotet, RedLine Stealer, and Magnat Backdoor February 3, 2022 5 minute read
  • Using DNS-layer security to detect and prevent ransomware attacks August 12, 2021 6 minute read
  • The cost of ransomware attacks: Why and how you should protect your data August 10, 2021 4 minute read

Share this blog

FacebookTweetLinkedIn
Subscribe to the Cisco Umbrella blog Subscribe

Follow Us

Facebook X LinkedIn Youtube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2025 Cisco Umbrella