Cryptojacking is still “a bit of a black box” for 71% of CISOs

According to the recent Cyber Threatscape Monero.

But the most disturbing conclusion is that 71% of the survey respondents, mainly Chief Information Security Officers (CISOs) are still stating that cyber attacks are “a bit of a black box” for them and they are still “not quite know how or when they will affect” their organization.

This finding seems a little bit terrifying if to investigate the big picture. Earlier in July 2018 Skybox™ Security, a global leader in cybersecurity management, issued a report saying that in the first half of 2018 crypto mining accounted for 32% of all cyber attacks, outpacing the previous favorite, ransomware (type of malware that restricts users from obtaining their system or personal files and asks ransom payment in order to retrieve the access) which is currently making up just 8%.

And the threat is getting real, from Tesla’s Amazon Web Services cloud infrastructure that was running mining malware in a well-hidden campaign back in February to the recent cryptocurrency news/20-crypto-jackers-arrested-in-china/”>arrest of 20 cryptojackers from China. The group managed to mine 15 million yuan (2.2 million dollars) worth of cryptos within the two years of neat-organized operations.

And even this week alone was very fruitful for speculations on malicious mining cases: it was finally calculated that Coinhive cryptojacking campaign that’s targeting MikroTik routers. And as mentioned in McAfee®, cybersecurity company’s blog, the attack “has the potential to start spreading all over the world, given there are 1.7 million MikroTik routers all over.”

Can someone be safe in the situation when even 71% of Information Security Executives are puzzled? Some security tips are the following:

Ben Ball from BlueCat, Enterprise DNS Company believes that “all cryptojacking attempts do have one thing in common: they have to communicate out. Therefore in his opinion DNS may be the most reliable way to detect and eliminate cryptojacking at an enterprise level.”

Gary Davis is Chief Consumer Security Evangelist from McAfee® recommends checking online notices. “When made aware of vulnerabilities, manufacturers will notify the public, as well as make them aware of incoming fixes.” In addition, he suggests to “secure your home’s internet at the source.”

Furthermore, you can consider using simple tools like Qualys BrowserCheck CoinBlocker Chrome Extension, recently released by Qualys Malware Research Labs. It protects users from active cryptojacking campaigns.

And, well, let’s thank Google for blocking mining apps from Google Play Store earlier in July. They are just trying to look after us.