March 20, 2018 By Kacy Zurkus

Anytime a new threat has as profound and far-reaching an impact as crypto-mining has this year, it’s tempting to shift from a holistic enterprise security strategy to a single-minded approach that focuses only on that one threat.

Cryptojacking, the act of illicitly mining for cryptocurrency, is grabbing a lot of headlines and creating quite a buzz lately. In fact, Forbes called it the top cyberthreat of 2018. The latest surge in cryptojacking indicates a shift in the way attackers exploit vulnerabilities, but there’s no substantial evidence to support the idea that crypto-mining represents a growing percentage of the overall threats to enterprises.

Crypto-Mining: Surging Threat or Flavor of the Week?

While researching, I tried to find credible statistics to support the claim that crypto-mining is the most dangerous form of malware, but the numbers are all over the place. One report from security provider Check Point stated that 55 percent of businesses worldwide had been affected by crypto-mining attacks in December 2017, while a more recent report from the same firm found that 42 percent of organizations experienced such an attack in February 2018.

If we’re talking about a surge, those numbers are shifting in the wrong direction.

Last year we heard similar conversations about ransomware, which has yet to loosen its grip on organizations around the world. According to research from Enterprise Strategy Group (ESG), 63 percent of companies experienced an attempted ransomware attack in 2017, and a newly discovered variant, Annabelle, is seemingly designed to wreak as much havoc as possible.

Whether it represents a long-term concern or a fleeting trend, crypto-mining has gained lots of media attention this year. Without trivializing the potential risks it poses to enterprises, the reality is crypto-mining is just another web-based malware that can be exploited by an attacker. These types of threats continually emerge and will continue to proliferate as more organizations embark on their journey toward digital transformation.

Voluntary Crypto-Mining Versus Nefarious Attacks

Worse than adware and potentially unwanted applications (PUAs) — but not quite malware — crypto-mining sits in a category of its own for now. Attackers leverage software that uses the processing power of victims’ systems to mine for cryptocurrency. While this sounds malicious, some well-known and oft-visited website operators, including Showtime and Salon, voluntarily run cryptocurrency mining software on their sites as a way to supplement revenues generated by ads.

Still, nefarious actors leverage known vulnerabilities to deliver the mining malware through spam attachments and exploit kits. Before getting swept away in the fear and uncertainty of this trending attack, however, it’s important to take a step back and look at the bigger picture of enterprise security.

Threats From Digital Partners

To defend against web-based malware, it’s essential to understand precisely what is happening and the risks to your organization, particularly when it comes to enterprise websites. One factor contributing to the rise of this threat is the fact that most companies don’t know they’ve been compromised.

“The continuing use of crypto-mining script underscores the importance of knowing your digital partners and the code they execute in your digital environment,” said Chris Olson, CEO of security consultancy The Media Trust, as quoted in Security Boulevard.

Today’s digital enterprises run on code, yet there is a world of unknown code that creates serious risks for enterprises. As Olson recently noted in a CSO Online article, 50–90 percent of executing code is delivered by third parties — who then call upon fourth and fifth parties. To effectively mitigate the risks from digital partners, website operators need transparency and visibility into their vendors’ operations and security activities.
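
One way to get that visibility for a single page, as an added example that is not part of the original article: the Python below inventories a page's external script tags, separates third-party hosts from the first party, and flags hosts that are missing from an approved-vendor list or loaded without Subresource Integrity. The page URL, host names, approved list and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; all hosts are illustrative (.example is reserved).
PAGE_URL = "https://www.shop.example/checkout"
APPROVED_HOSTS = {"cdn.vendor.example"}  # assumed vendor allowlist
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.vendor.example/lib.min.js" integrity="sha384-CONSTRUCTED"></script>
<script src="//ads.partner.example/tag.js"></script>
<script>var inline = 1;</script>
</head></html>
"""

class ScriptCollector(HTMLParser):
    """Record (absolute URL, has integrity attribute) for each external script."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            # urljoin resolves relative and protocol-relative (//host/...) URLs
            url = urljoin(self.page_url, attr["src"])
            self.scripts.append((url, bool(attr.get("integrity"))))

def audit_scripts(page_url, html, approved_hosts):
    """Return one finding record per third-party script on the page."""
    first_party = urlparse(page_url).hostname
    collector = ScriptCollector(page_url)
    collector.feed(html)
    report = []
    for url, has_sri in collector.scripts:
        host = urlparse(url).hostname
        if host == first_party:
            continue  # served from our own origin
        findings = []
        if host not in approved_hosts:
            findings.append("unapproved-host")
        if not has_sri:
            findings.append("no-sri")  # vendor can change the file silently
        report.append({"host": host, "url": url, "findings": findings})
    return report

if __name__ == "__main__":
    for row in audit_scripts(PAGE_URL, SAMPLE_HTML, APPROVED_HOSTS):
        print(row["host"], row["findings"] or "ok")
```

Static HTML shows only the scripts a page requests directly; the fourth and fifth parties Olson mentions are pulled in at run time, so they have to be observed with a browser-based crawl or Content-Security-Policy violation reports.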

Building a More Comprehensive Enterprise Security Framework

Taking a more active and decisive approach to risk management is a critical step toward establishing a more comprehensive security framework. The cybercrime landscape is continuously evolving, which means organizations shouldn’t invest all their resources into mitigating the latest threat.

Today’s top headline-grabber is cryptocurrency mining malware, but that doesn’t mean companies can ease up on persistent threats, such as ransomware, distributed denial-of-service (DDoS), man-in-the-middle (MitM) attacks and malicious insiders.

To ensure that you have an intelligent, integrated immune system, it’s essential to implement the appropriate prevention, detection and response controls and procedures.

The following security best practices can help you build a better defense-in-depth strategy:

  • Implement two-factor authentication.
  • Install web application firewalls or web content filtering.
  • Create rules and access controls for user account privileges.
  • Disable access to unused ports and services.
  • Invest in endpoint security technology.
  • Verify that you are running updated antivirus software.
  • Create a patch management program.
  • Develop and practice incident response to confirm that backup policies are in place and that they work.

A comprehensive security framework will allow you to withstand the changing tides of threats. With a holistic security immune system, you can respond to a specific threat with individual steps that augment your existing defense activities and bolster your overall security posture.
