1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Crypto Mining Rampant in Higher Education


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Crypto Mining Rampant in Higher Education

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink öffnen

Figures from an analysis of 4.5 million monitored devices across 246 companies show that for every 10,000 devices and workloads, 165 contain active threats. The majority are given a low (113) or medium (18) threat priority; but 34 are ranked high or critical, requiring immediate attention.

Deeper analysis of these figures in Vectra's 2018 Attacker Behavior Industry Report (PDF) shows the different stages of the attackers' kill chain found within different vertical industry sectors. Overall, 37% of detections denote C&C activity, 31% denote reconnaissance activity, 24% denote lateral movement, and 6% actual exfiltration attempts. The reducing numbers seem to indicate analysts' success at mitigating the detections as they progress. The remaining 3% of detections indicate botnet activity.

Applied to the different vertical industries, the analysis shows the fewest threat detections are found in the technology sector (a total of 62 per 10,000 devices) the healthcare sector, (87 per 10,000), and in government (139 per 10,000). Standing out, however, is higher education -- with 542 detections per 10,000 devices. Most of these, 395, are considered low priority threats, and are related to crypto mining. 

"The number of low alerts in higher education is over three-times the normal rate, which is indicative of attacker behaviors that are opportunistic," explains the report. "Inversely, the technology industry has a low volume of devices prioritized as high or critical, which indicates cyberattackers do not often progress deep into the attack lifecycle." 

Other sectors that stop attacks in their early stages include government and healthcare -- indicating the presence of stronger policies, mature response capabilities and better control of the attack surface; possibly because of greater regulation and oversight in these sectors. The very high number of low priority threats in higher education is largely down to a spike in crypto mining.

Higher education is unlike any other industry sector. Its users are not employees and are traditionally averse to outside control -- they will not automatically accept the security controls that can be applied to direct employees, and security teams can rarely impose them. At the same time, the student environment is an attractive target, especially for crypto mining.

"Higher education has a large number of students who are not protected by universities with open networks," explains Vectra. These same students also engage in their own crypto mining because they get free electricity, which is the highest direct cost of crypto mining (crypto mining uses computer resources to convert electricity into money). Geographically, most of this mining activity is done in Asia (76%), with 20% in North America, and just 4% in Europe. Sixty percent of all crypto mining detections uncovered by Vectra occurred in higher education.

The breakdown between mining by malware and mining by choice is not clear. It's a mixture of both, Chris Morales, Vectra's head of security analytics told SecurityWeek. "It's more likely college students crypto mining from their dorm rooms with a dose of outside actors," he added. "For example, some students could be watching pirated movies from an untrusted website that is crypto mining throughout the entire watching session. It would go unnoticed. This movie watching example really happens and was described to me by a security director at a large university as a problem they have to handle.

"Students are more likely to perform crypto mining personally as they don't pay for power, the primary cost of crypto mining," continued Morales. "Universities also have high bandwidth capacity networks with a large volume of easy targets, especially as students are more likely to use untrusted sites (like illegal movies, music, and software) hosting crypto mining malware."

Higher education can only respond to students they discover engaged in crypto mining with a notice the activity is occurring. They can provide assistance in cleaning machines or in the case of the student being responsible, they can issue a cease and desist. Corporate enterprises can enforce strict security controls to prevent such behaviors; but universities do not have the same luxury with students. "They can at best," explains Morales, "advise students on how to protect themselves and the university by installing operating system patches and creating awareness of phishing emails, suspicious websites and web ads."

Vectra's Cognito platform -- the source for the analysis -- uses continuous AI-enhanced anomaly detection to uncover threat behavior from network logs. It applies a scoring system to flagged behavior to reduce the high number of detected events to a low number of actual threats. For example, in this study (and on average), 26,432 events were flagged in every 10,000 devices. These were distilled down through 1,403 detections to 818 devices (per 10,000) with detections.

San Jose, Calif-based Vectra Networks raised $36 million in a Series D funding in February 2018, bring the total raised to $123 million. The funds are earmarked for further development of the Cognito 'attack in progress' threat hunting platform, and to fund a new research-and-development (R&D) center in Dublin, Ireland. 

RelatedDon't be a Crypto-Mining Bot: Where to Look for Mining Malware and How to Respond 

RelatedCrypto-Mining Botnet Ensnares 500,000 Windows Machines 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Crypto Mining Rampant in Higher Education






Ähnliche Beiträge

  • 1. Crypto Mining Rampant in Higher Education vom 498.05 Punkte ic_school_black_18dp
    Figures from an analysis of 4.5 million monitored devices across 246 companies show that for every 10,000 devices and workloads, 165 contain active threats. The majority are given a low (113) or medium (18) threat priority; but 34 are ranked high or critical,
  • 2. USN-3616-1: Python Crypto vulnerability vom 155.93 Punkte ic_school_black_18dp
    python-crypto vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Python Crypto could expose sensitive information. Software Description python-crypto - cryptographi
  • 3. USN-3199-1: Python Crypto vulnerability vom 141.75 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3199-1 16th February, 2017 Python Crypto vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Programs using the Python Cryptogr
  • 4. USN-3199-2: Python Crypto regression vom 141.75 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3199-2 17th February, 2017 Python Crypto regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary USN-3199-1 introduced a regression
  • 5. Google Bans Crypto-Mining Chrome Extensions vom 136.97 Punkte ic_school_black_18dp
    Google on Monday announced that Chrome extensions designed to mine for crypto-currencies are no longer accepted in the Chrome Web Store. While still focused on allowing the Chrome extensions ecosystem to evolve, Google also wants to keep users as safe
  • 6. Crypto Mining Malwares – One of the Most Practiced Attacks during 2018 vom 129.46 Punkte ic_school_black_18dp
    Due to hard detection and easy execution of the attack, 2018 has seen excessive crypto mining malwares. Cryptojacking attacks are based on cryptocurrency mining software injection into thousands of devices, leveraging its processing capabilities to extract the digital assests without the user’s consent. As a result, the victims’ computer equipm
  • 7. Crypto Mining Malwares – One of the Most Practiced Attacks during 2018 vom 129.46 Punkte ic_school_black_18dp
    Due to hard detection and easy execution of the attack, 2018 has seen excessive crypto mining malwares. Cryptojacking attacks are based on cryptocurrency mining software injection into thousands of devices, leveraging its processing capabilities to extract the digital assests without the user’s consent. As a result, the victims’ computer equipm
  • 8. Coverity Scan Hacked, Abused for Cryptocurrency Mining vom 123.42 Punkte ic_school_black_18dp
    Coverity Scan, a free service used by tens of thousands of developers to find and fix bugs in their open source projects, was suspended in February after hackers breached some of its servers and abused them for cryptocurrency mining. Synopsys, which acquired Coverity in 2014, started notifying Coverity Scan
  • 9. Coverity Scan Hacked, Abused for Cryptocurrency Mining vom 123.42 Punkte ic_school_black_18dp
    Coverity Scan, a free service used by tens of thousands of developers to find and fix bugs in their open source projects, was suspended in February after hackers breached some of its servers and abused them for cryptocurrency mining. Synopsys, which acquired Coverity in 2014, started notifying Coverity Scan
  • 10. Searching for gold with habitat restoration in mind vom 116.75 Punkte ic_school_black_18dp
    Searching for gold with habitat restoration in mind<br/>In the Alaska-Yukon region, salmon is as precious as gold. <br/>There are hundreds of small and large placer mining operations in Alaska actively producing gold in the US. Placer mining
  • 11. Searching for gold with habitat restoration in mind vom 116.75 Punkte ic_school_black_18dp
    Searching for gold with habitat restoration in mind<br/>In the Alaska-Yukon region, salmon is as precious as gold. <br/>There are hundreds of small and large placer mining operations in Alaska actively producing gold in the US. Placer mining
  • 12. Searching for gold with habitat restoration in mind vom 116.75 Punkte ic_school_black_18dp
    Searching for gold with habitat restoration in mind<br/>In the Alaska-Yukon region, salmon is as precious as gold. <br/>There are hundreds of small and large placer mining operations in Alaska actively producing gold in the US. Placer mining