30% of enterprises hit by crypto-mining attacks in past month

30% of enterprises hit by crypto-mining attacks in past month

Thirty percent of large UK businesses admit to being hit by crypto-mining attacks within the previous month, according to new figures released today.

The research, commissioned by Citrix and carried out by OnePoll, quizzed 750 IT decision-makers across the UK about the growing risks of cyber attacks by cryto-miners.

The poll – carried out in May among organisations with more than 250 employees – found that 59 percent of respondents had detected crypto-mining attacks on their systems at some point, with 80 percent of those occurring in the last six months.

Just 38 percent of respondents believe they have never been subjected to such an attack.

The hidden thieves

Crypto-mining attacks steal devices’ processing power in order to mine for cryptocurrencies, helping hackers to minimise the costs of accruing the digital tokens – the cost per watt of mining in energy and depreciation terms being one of the challenges of valuing or making money from the crypto economy.

While such incursions may not steal data, they slow system performance and ramp up power consumption – effectively making them theft of money and resources, while compromising organisations’ ability to carry out their own operations.

Over time, crypto-mining attacks could cost large enterprises considerable amounts of money. They may also introduce other security threats, leave systems vulnerable to different types of attack, and be connected with ransomware programmes (see Internet of Business says, below).

The Citrix research indicates that attacks typically affect up to 50 devices, with 60 percent of businesses reporting this to be the case. Just over one in 10 (11 percent) of respondents reported over 100 devices being affected following the most recent attack.

Left undetected, the financial cost of running 50 or 100+ computers throughout the night for weeks or months on end could be enormous, while background attacks during office hours would slow system performance significantly.

Spotting the problem

Of those organisations that have fallen victim to an attack, over one-third (38 percent) discovered it though their network-monitoring solutions, while 34 percent were alerted by employees, and 16 percent via slower device performance.

Anti-malware software alerted IT leaders in just seven percent of cases, according to Citrix.

So what are organisations doing about the threat? The good news is that over two-thirds (67 percent) of organisations have formal policies in place for crypto-mining attacks – a high percentage, given the relative newness of the threat in strategic security terms.

Smaller organisations would be well advised to adopt similar measures.

Those without policies are mostly relying on network monitoring solutions (44 percent), anti-malware applications (41 percent), and the blocking of crypto-mining websites (24 percent) to mitigate attacks, said Citrix. However, 21 percent of businesses have no contingency measures at all in place.

The crypto websites angle suggests that security policies should also cover staff using organisations’ resources to mine for currencies while at work.

Internet of Business says

recent study found that 50 percent of large UK businesses are stockpiling cryptocurrencies.

The reason is extraordinary in many cases: to provide a quick means of payment should the organisation be subjected to a ransomware attack. However, such measures are seemingly painting a target on businesses for any crypto-miners that are prepared to use any means to ramp up their profits.

“The threat of a ransomware attack is still very real for large businesses,” said Chris Mayers, chief security architect at Citrix. “Many organisations have therefore invested in cryptocurrencies as a means of payment to restore their data as quickly and efficiently as possible.

“However, in an unfortunate vicious circle, this stockpiling of potentially valuable currency has now made them a target – and businesses appear slow to react to this threat, with many yet to put formal plans in place should they fall victim to an attack.”

Centralising data storage and management should form a key part of such plans, he said, ensuring that organisations keep their customer data and critical IP far from devices and end-points with possible vulnerabilities. “This gives cyber-attackers fewer opportunities to gain leverage and demand ransoms,” he said.

Our Internet of Insurance event takes place in London on 3-4 September. For more details, please click on the logo.