Fact: Cryptomining Is a Threat to the Enterprise
Cryptomining hit enterprises hard starting in 2018, and the danger continues today.
Cisco reported that in 2020, almost 70 percent of its customers were victims of cryptomining software, resulting in massive amounts of malicious DNS traffic and significant productivity impacts.
In March 2021, a major attack on Microsoft Exchange Server affected more than 30,000 U.S. organizations.
With the price of cryptocurrency so high, it’s no wonder cybercriminals seek large pools of available computing power to carry out their work, and enterprises are often easy targets.
Spear-phishing attacks that target an organization and entice users to click on links in legitimate-looking emails or websites with malicious scripts that download code to the endpoint are easy ways for cryptomining code to enter the enterprise. Perhaps a more common way is to find vulnerable software or misconfigured servers or Docker daemons.
Remote hackers can exploit those weaknesses to gain full control over systems and perform mining operations. They are also opportunistic: When the price of cryptocurrency drops, they are already well positioned on the endpoint or the network, ready to shift to other types of attacks and potentially exfiltrate sensitive data.
Fallacy: Cryptomining Costs the Organization Little
Cryptomining doesn’t shut down business operations, request a ransom for encrypted data or otherwise cause visible damage to an organization. Nevertheless, it brings severe consequences: It can cause an increase in power bills, drive up overall costs and reduce the life of hardware. Cryptomining can drain the enterprise’s processing power, resulting in slowdowns or even shutdowns with accompanying impacts to customers. In extreme cases, there may even be physical damage to devices such as wires and transformers.
Fact: Cryptomining Code Is Hard to Detect
Cryptomining is stealthy. Because cryptomining is designed to operate in the background, malware scanners often overlook these attacks. However, there are ways for the enterprise to detect the presence of cryptomining. Network monitoring tools can reveal increased, unexpected CPU usage that could lead to endpoint failure. Security information and event management tools can be configured to detect changes in the network, servers and endpoints, and endpoint protection products can often detect and isolate cryptojacking code. Also, because the results of calculations must be sent outside the network, increased DNS activity could be a signal that something is wrong.
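The two signals named above (sustained, unexpected CPU load and a jump in DNS activity) are more useful together than apart, since a build server can legitimately peg its CPU. The following is an added example, not code from the article or any vendor product: it correlates the two over constructed telemetry lines in an assumed `host=… cpu=… dns_qpm=…` format and flags only hosts whose high-CPU run coincides with DNS volume well above that host's own baseline.

```python
import re
from collections import defaultdict
from statistics import median
LINE_RE = re.compile(r"^(\S+) host=(\S+) cpu=(\d+) dns_qpm=(\d+)$")

# Constructed sample telemetry (not real data): 5-minute CPU samples joined with per-host DNS queries/minute.
SAMPLE_LINES = """
2021-03-10T02:00Z host=ws-17 cpu=12 dns_qpm=30
2021-03-10T02:05Z host=ws-17 cpu=95 dns_qpm=140
2021-03-10T02:10Z host=ws-17 cpu=97 dns_qpm=150
2021-03-10T02:15Z host=ws-17 cpu=96 dns_qpm=145
2021-03-10T02:00Z host=build-02 cpu=99 dns_qpm=20
2021-03-10T02:05Z host=build-02 cpu=98 dns_qpm=22
2021-03-10T02:10Z host=build-02 cpu=97 dns_qpm=19
2021-03-10T02:15Z host=build-02 cpu=15 dns_qpm=21
""".strip().splitlines()

def parse(lines):
    """Group samples by host in time order: host -> [(ts, cpu, dns_qpm)]."""
    per_host = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip malformed lines instead of aborting the whole run
            ts, host, cpu, qpm = m.groups()
            per_host[host].append((ts, int(cpu), int(qpm)))
    return {h: sorted(s) for h, s in per_host.items()}

def high_cpu_runs(samples, cpu_high):
    """Yield each maximal run of consecutive samples with cpu >= cpu_high."""
    run = []
    for s in samples + [None]:  # trailing None flushes the final run
        if s is not None and s[1] >= cpu_high:
            run.append(s)
        elif run:
            yield run
            run = []

def find_suspects(lines, cpu_high=90, min_run=3, dns_ratio=3.0):
    """Return {host: (run_length, run_dns_median, baseline)} for suspicious hosts."""
    suspects = {}
    for host, samples in parse(lines).items():
        # Baseline DNS rate: median over the host's low-CPU samples (all samples if none).
        quiet = [q for _, cpu, q in samples if cpu < cpu_high]
        base = median(quiet or [q for _, _, q in samples])
        for run in high_cpu_runs(samples, cpu_high):
            run_dns = median([q for _, _, q in run])
            if len(run) >= min_run and run_dns >= dns_ratio * base:
                suspects[host] = (len(run), run_dns, base)
    return suspects
```

On the sample data, `ws-17` is flagged (three high-CPU samples with DNS volume nearly five times its idle rate) while `build-02`, busy but quiet on DNS, is not; the thresholds are starting points to tune against your own baselines.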
Fallacy: Ransomware Is the Greater Cause for Concern
Ransomware gets lots of attention in the media, but such attacks are actually on the decline, according to a McAfee report released this year.