Cryptocurrency mining is the process of generating new units of cryptocurrency. Cryptominers use their
own computing power to verify cryptocurrency transactions and are rewarded with new coins proportional to
the amount of computing power they donated to the blockchain network.

Malicious cryptomining is a browser- or software-based threat that enables bad actors to secretly use a
business's computing power to mine digital currency through in-browser JavaScript exploits on individual
machines, cloud AWS instances, etc.

How Cisco Umbrella blocks malicious cryptomining

Indicators for Umbrella’s cryptomining category are derived from multiple sources including
open-source intelligence (OSINT), infrastructure telemetry hunting algorithms, partner relationships and
Umbrella’s research on co-occurrences and related domain models. Intelligence typically includes
indicators gathered from malware, IPs, domains, campaign research and threat actor developments.
When cryptomining is detected, Cisco Umbrella blocks it at the IP and domain level and analyzes
risky domains in the Intelligent Proxy. Umbrella users can detect, block and protect against unwanted
cryptomining in their environments by enabling the cryptomining security category in their policy
settings.

How our intelligence works

There are three key factors that make up our unparalleled threat intelligence: data, security
researchers, and statistical and machine learning models. Umbrella resolves over 175 billion DNS requests
daily, far more than any other security vendor, giving our researchers a unique view of the internet that
helps them identify threat trends faster. In addition, our industry-renowned researchers are constantly
finding new ways to uncover the fingerprints that attackers leave behind and building new statistical and
machine learning models to automatically classify our massive amounts of data.