In April, we blogged about CTA’s role in disrupting malicious cyber activity. We introduced the idea of routinely bringing our members together to develop Joint Analysis reports on specific threats and campaign activity, the same way our early members came together to report on the threat from Cryptowall Version 3 in 2015. Our goal with these reports is to bring our members together to focus on specific problems, share threat information, and work together to provide a complete picture for the common good.
Today, we release our next Joint Analysis, along with a Key Findings fact sheet, this time focusing on the threat of illicit cryptocurrency mining. CTA has brought together the top analysts in cybersecurity to leverage their combined resources and lay out the threat and recent trends, share insights on threat actor TTPs, describe the impact of illicit mining on enterprises and personal devices, and provide recommendations and best practices to address this issue.
CTA members are seeing an enormous increase in illicit mining activity targeting their customers. Activity has gone from a virtually nonexistent issue to one that almost universally shows up at the top of our members’ threat lists. Combined data from several CTA members shows a 459 percent increase in illicit cryptocurrency mining malware detections since 2017. Recent quarterly trend reports from CTA members show that this rapid growth shows no signs of slowing down. If 2017 was defined by the threat of ransomware, 2018 has been dominated by illicit cryptocurrency mining.
For many, this may not seem like an important issue. What difference does it make if someone is stealing my computing power to mine cryptocurrencies? However, illicit mining is the “canary in the coal mine” of cybersecurity threats. If illicit cryptocurrency mining is taking place on your network, then you most likely have worse problems, and we should consider the future of illicit mining as a strategic threat. More sophisticated actors could use – or may already be using – that same access to lay the groundwork for you to have a really bad day.
We encourage network defenders to make it harder for actors to install illicit miners by using the recommendations in this report, improving best practices and cyber hygiene, and employing security products from CTA members that benefit from shared information on the threat. Defenders must also improve their capability to detect instances of illicit mining and activate their incident response plans to mitigate infections that are discovered. These efforts will make it more expensive to exploit future systems, driving down the profit margins of malicious actors. This Joint Analysis is a call to action for network defenders. CTA and network defenders have the ability to disrupt the activities of illicit miners by raising their costs and forcing them to change their behavior. Together, we can keep them from succeeding in their goals.
Author: Neil Jenkins