Uncovering Illegitimate Crypto-Mining Activity (Cryptojacking) in the Enterprise

Cryptocurrency mining is the process of using specialized software to solve complex mathematical problems in order to validate transactions on a cryptocurrency network and create new units of the currency. Because mining is resource-intensive, some threat actors have turned to malware that covertly installs cryptocurrency mining software on victims' computers in a bid to generate profits. This type of malware is often referred to as “cryptojacking” malware. Cryptojacking is growing in popularity, and recent reports suggest that there was a sharp increase in crypto-miner variants in Q3 2022, with a growth of over 230% compared to the same period in 2021. Furthermore, the research claims that the first quarter of 2022 saw the biggest number of users afflicted by fraudulent mining software, with over 500,000 individuals affected.

What is cryptomining

Cryptocurrency mining is the process of using specialized software to solve complex mathematical problems to validate transactions on a cryptocurrency network and create new units of the currency. It can be a resource-intensive process that requires significant computing power. As a result, some threat actors have turned to malware that covertly installs cryptocurrency mining software on victims' computers in a bid to generate profits.

This type of malware is often referred to as “cryptojacking” malware. Because mining is resource-intensive, threat actors have also been targeting organizational cloud resources for coin mining. In a recent incident, reported by Stephan Berger on his official Twitter handle, a Threat Actor (TA) compromised an Azure Global Admin account and used it to spin up over 200 Virtual Machines (VMs) to mine cryptocurrency. Due to a lack of detection capabilities, the activity was only noticed because of extreme Azure costs.
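The incident above was caught by the bill rather than by telemetry. As an added example (not from the original article), the sketch below flags any identity that successfully creates an unusual number of distinct VMs within a short window. The flattened record layout, the thresholds and the sample events are constructed assumptions, loosely modelled on Azure Activity Log entries.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

VM_WRITE = "microsoft.compute/virtualmachines/write"  # VM create/update operation

def detect_vm_creation_bursts(events, threshold=20, window=timedelta(minutes=30)):
    """Flag callers that successfully write >= threshold distinct VMs inside window."""
    relevant = [(datetime.fromisoformat(e["eventTimestamp"]), e) for e in events
                if e["operationName"].lower() == VM_WRITE and e["status"] == "Succeeded"]
    relevant.sort(key=lambda pair: pair[0])
    recent = defaultdict(deque)  # caller -> (timestamp, resource id) pairs in window
    alerts = {}
    for ts, e in relevant:
        q = recent[e["caller"]]
        q.append((ts, e["resourceId"].lower()))
        while ts - q[0][0] > window:  # drop writes that fell out of the window
            q.popleft()
        # Count distinct VMs: repeated updates to one VM are not new machines.
        distinct = len({rid for _, rid in q})
        if distinct >= threshold:
            alert = alerts.setdefault(
                e["caller"], {"threshold_crossed_at": ts, "peak_distinct_vms": 0})
            alert["peak_distinct_vms"] = max(alert["peak_distinct_vms"], distinct)
    return alerts

# --- Constructed sample data (hypothetical accounts, IDs and timestamps) ---
BASE = datetime(2023, 1, 10, 2, 0, tzinfo=timezone.utc)

def _event(caller, vm, offset_s, status="Succeeded"):
    return {
        "eventTimestamp": (BASE + timedelta(seconds=offset_s)).isoformat(),
        "caller": caller,
        "operationName": "Microsoft.Compute/virtualMachines/write",
        "status": status,
        "resourceId": "/subscriptions/0000/resourceGroups/rg-example/providers/"
                      f"Microsoft.Compute/virtualMachines/{vm}",
    }

def build_sample_events():
    # One account creating 200 VMs in about 20 minutes, as in the incident above.
    events = [_event("admin@example.invalid", f"vm-{i:03d}", i * 6) for i in range(200)]
    # Normal operator: three VMs, one per hour.
    events += [_event("ops@example.invalid", f"app-{i}", i * 3600) for i in range(3)]
    # Deployment pipeline: 25 updates to the same VM, which must not alert.
    events += [_event("pipeline@example.invalid", "web-01", i * 30) for i in range(25)]
    return events

if __name__ == "__main__":
    for caller, a in detect_vm_creation_bursts(build_sample_events()).items():
        print(caller, a["threshold_crossed_at"].isoformat(), a["peak_distinct_vms"])
```

With the sample data the threshold is crossed at the twentieth VM, under two minutes into the burst, long before a cost report would show it.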

Crypto mining fast facts

  • Uses the processing power of the victim’s computer illicitly to mine cryptocurrency, allowing cybercriminals to remain hidden for months.
  • Has become a profitable criminal activity, with an estimated income of up to $40,500 (2 BTC) per month.
  • Is constantly evolving, which makes it harder to detect; a single, host-based method might not work in every case.
  • Is typically discovered by monitoring excessive CPU or memory consumption on endpoint devices, but this becomes more difficult in cloud infrastructures.
  • Has grown prominently over time, with more than 500,000 individuals affected in 2022 alone, according to Kaspersky reports.