In a recent press release, Exabeam – a cybersecurity company, presented the results of a survey and stated that many organizations were not taking the threat of and shadow mining seriously enough. The survey was conducted at the Cloud and Cybersecurity Expo 2019 in London in March and 150 cybersecurity professionals took part.
A surprising number of the participants admitted they were unfamiliar with the terms "shadow mining" and "cryptojacking" – 65% and 57% respectively. Both terms refer to a cybercrime in which the wrongdoer is using the computing resources of an organization to mine cryptocurrency. The difference is that "shadow mining" means the perpetrator is an insider to the organization and "cryptojacking" is a broader term which you could use to describe cases where the threat is coming from the outside, and that includes attacks on both organizations and individuals.
Organizations falling victim to cryptojacking are likely to suffer a number of negatives in addition to their resources being used for the enrichment of the criminal. One of the focuses of cybercriminals who use cryptojacking is to make the malware stay undetected and running as long as possible. To achieve that a lot of the threats in this category may compromise the overall security of the victim device or network which in turn makes the infected machine or network less secure against other threats. Mining cryptocurrencies is a very resource intensive process and can result in huge electricity bills. It can also lead to equipment failing significantly faster than it would under a normal workload. On top of that, hogging that much resources is almost certainly going to have a detrimental effect on productivity.
Exabeam's press release also revealed that a significantly larger number of the respondents believed that the most serious threats could come from outside of their organizations than those who thought insider cybercrime was a serious potential problem. Six percent stated that they wouldn't be able to detect or prevent illicit cryptocurrency mining on their network. Barry Shteiman, VP, Research and Innovation at Exabeam suggests that organizations should try solutions which allow monitoring who is on a network at any given time and what they they are doing.