Cryptomining is a legitimate means by which to earn cryptocurrency as compensation. It involves the solving of complex computations that help to verify cryptocurrency transactions and add them to the currency’s blockchain. Those with an entrepreneurial mindset have calculated the return and invest in cloud-based infrastructure to perform their mining.
But why pay for infrastructure when you can just take over an unsuspecting user’s computer instead? This is exactly what cybercriminals are doing. Some no longer are willing to take the long route of trying to make money by stealing data, which involves a relatively tedious process of establishing a foothold on an endpoint, compromising user’s credentials, and moving laterally from endpoint to endpoint until valuable data is found to be exfiltrated.
Instead, some cybercriminals are going for the easy hit by using malware designed to compromise a system and have it cryptomine on behalf of the cybercriminal.
And, unlike ransomware (which may not pay out with each and every infection), cryptojacking essentially always pays out with each successful infection. The more compromised machines means the larger the mining “infrastructure” for the cybercriminal.
The staggering increase of cryptojacking by 1,189% in McAfee’s latest quarterly threat report demonstrates that this isn’t a threat you should sit back and take the “let’s see what happens” approach. The significant rise demonstrates a concentrated all-out assault on every organization and computer they can get their virtual hands on.
The good news is the delivery mechanisms remain the same: drive-by downloads of malware form compromised websites, and phishing attacks. So, keeping your employees focused on being aware of phishing attacks through security awareness training, and maintaining a security-centric mindset is key to stopping attacks from being successful.
Free Phishing Security Test
Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone™ with our new, improved free test.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: